Systems and methods for content distribution including resending data

ABSTRACT

An information receiving apparatus receives identification information and encrypted identification information and makes a comparison between them to allow prevention of illegal utilization of contents data. Also, a data storage apparatus can record contents data encrypted by a content key and the content key so that the contents data can be reproduced on other apparatuses to improve versatility. Moreover, a management apparatus can manage the contents data in the data storage apparatus to allow other apparatuses to utilize it. And also, an information regulating apparatus can verify a signature on available data to prevent illegal utilization of the contents data. Furthermore, the data storage apparatus can store the content key, its handling policies, the contents data encrypted by the content key and its license conditions information so as to safely provide the contents data. In addition, an information recording apparatus can select favorite contents data and store it on the data storage apparatus. Furthermore, the information receiving apparatus can prevent utilization of provision-prohibited contents data by a provision prohibition list.

TECHNICAL FIELD

The present invention relates to an information sending system, an information sending apparatus and its method, an information receiving apparatus and its method, a recording and reproducing system, a recording and reproducing apparatus and its method, a reproducing apparatus and its method, a data storage apparatus and its method, a data management system, a management apparatus, a data management method, a data management and migration method, an information provision system, an information regulating apparatus and its method, a data utilization method, an information provision apparatus and its method, an information recording apparatus, a list sending apparatus and its method and a program storage medium, and suitably applies, for instance, to an information sending system wherein a contents holder or seller can safely distribute the contents to contents users.

BACKGROUND ART

Conventionally, there is a system wherein information (contents) such as music is encrypted and sent to an information processing apparatus of a user having executed a predetermined agreement so that the user may decrypt and utilize the contents on the information processing apparatus.

For instance, as shown in FIG. 116, a case where two contents sending apparatuses and one contents receiving apparatus are provided will be described.

First contents sending apparatus 600 comprises data encryption section 601, data encryption section 602, content key generation section 603 and tamper resistant memory 604. Moreover, the tamper resistant memory referred to here may be any such memory as will not have its data easily read by a third party, and no hardware-wise limitation is required in particular (for instance, it may be a hard disk placed in an entry-controlled room or a hard disk of a password-controlled personal computer). Tamper resistant memory 604 stores distribution key K_(d) necessary to encrypt content key K_(co) supplied in advance from an electronic distribution service center (not illustrated).

In order to generate data to be delivered to contents receiving apparatus 620, first contents sending apparatus 600 generates content key K_(co1) by using content key generation section 603, and encrypts contents by using this key at data encryption section 601. Also, content key K_(co1) is encrypted by using distribution key K_(d) at data encryption section 602. These encrypted contents and content key K_(co1) are sent to contents receiving apparatus 620.

Incidentally, like contents sending apparatus 600, second contents sending apparatus 610 comprises data encryption section 611, data encryption section 612, content key generation section 613 and tamper resistant memory 614, and generates content key K_(co2) at content key generation section 613, and encrypts contents by using this key at data encryption section 611. Also, data encryption section 612 encrypts content key K_(co2) by using distribution key K_(d) supplied from the electronic distribution service center (not illustrated). Thus, second contents sending apparatus 610 sends the encrypted contents and encrypted content key K_(co2) to contents receiving apparatus 620.

Contents receiving apparatus 620 comprises sending and receiving section 621, upper controller 622, encryption processing section 623, memory 624, data decryption section 625, data decryption section 626 and tamper resistant memory 627. Moreover, as there are such an indefinite number of contents users that it cannot be grasped how they will handle the apparatuses, the tamper resistant memory referred to here requires its internal data to be protected hardware-wise, and thus encryption processing section 623 is a semiconductor chip of a structure difficult to access from outside and has a multilayered structure wherein the tamper resistant memory inside it has characteristics making it difficult to illicitly read data from outside such as being sandwiched between dummy layers like aluminum layers and having a narrow range of operating voltage or frequency. And tamper resistant memory 627 stores distribution key K_(d) supplied in advance from the electronic distribution service center (not illustrated).

Incidentally, while tamper resistant memories 604, 614 of first and second contents sending apparatuses 600 and 610 are the memories accessible from outside, methods of accessing them are limited. It may be password or entry control. On the other hand, as for tamper resistant memory 627 of contents receiving apparatus 620, the memory itself has a structure not to be illicitly accessed from outside, and there is limited or no method of reading its internal data from outside by formal means for access. Moreover, while it is impossible to read internal data of tamper resistant memory 627 from outside, there may be a method of access only capable of changing data from outside if former key data or the like is used. Also, in encryption processing section 623, it is possible to access a memory and read predetermined data, but it is impossible to read internal memory from outside.

Contents and content keys K_(co1) and K_(co2) sent from first or second contents sender 600 or 610 are received by sending and receiving section 621 and delivered to upper controller 622. Upper controller 622 stores such data in memory 624 once, and in the case of utilizing the contents, it delivers content key K_(co) and the contents to encryption processing section 623. On receiving them, encryption processing section 623 decrypts them by using distribution key K_(d) stored in tamper resistant memory 627 in advance in data decryption section 625, and then decrypts them by using content key K_(co) in data decryption section 626, and utilizes the contents. At this time, there are cases where it involves accounting.

Incidentally, in an information processing system shown in FIG. 116, there was a problem that a method had yet to be established for preventing the contents from being illicitly utilized such as providing illegal contents to the system or illicitly benefiting a third party due to accounting involved in use of contents.

Also, in such an information provision system, there are cases where recording and reproducing apparatus 630 shown in FIG. 117 is provided, and such recording and reproducing apparatus 630 has, for instance, record medium 640 consisting of MD (Mini Disk: a trademark) provided in a removable manner.

In this case, recording and reproducing apparatus 630 comprises sending and receiving section 631, control section 632, encryption processing section 633, expansion section 634 and external memory control section 635, and it stores distribution key K_(d) for decrypting content key K_(co) supplied in advance from an electronic distribution service center (not illustrated) to encryption processing section 633 and also holds save key K_(save) unique to encryption processing section 633.

And recording and reproducing apparatus 630 has encrypted contents and content key K_(co) sent from first or second contents sending apparatus 600 or 610 received by sending and receiving section 631, and sends out the received encrypted contents and content key K_(co) to control section 632. Control section 632 holds the encrypted contents in record medium 640 via external memory control section 635, and sends out encrypted content key K_(co) to encryption processing section 633.

Thus, encryption processing section 633 decrypts encrypted content key K_(co) by using distribution key K_(d), and then decrypts content key K_(co) by using save key K_(save) and sends out content key K_(co) encrypted by the save key K_(save) to control section 632. Thus, control section 632 has content key K_(co) encrypted by save key K_(save) held by record medium 640 via external memory control section 635.

Moreover, in the case of utilizing contents, in recording and reproducing apparatus 630, control section 322 reads encrypted contents and content key K_(co) from record medium 640 so as to send out the encrypted contents to expansion section 634 and also send out encrypted content key K_(co) to encryption processing section 633. Thus, encryption processing section 633 decrypts encrypted content key K_(co) by the save key K_(save) and sends out acquired content key K_(co) to expansion section 634. Thus, expansion section 634 decrypts encrypted contents by using content key K_(co) and is accordingly capable of using the contents.

In such recording and reproducing apparatus 630, however, even if record medium 630 is loaded, for instance, on a recording and reproducing apparatus other than recording and reproducing apparatus 630 used for recording contents by holding content key K_(co) encrypted by save key K_(save) unique to encryption processing section 633 on record medium 640 and having the save key K_(save) held by encryption processing section 633, the contents recorded on record medium 640 cannot be reproduced on the other recording and reproducing apparatus since it does not hold the save key K_(save) used for recording the content key K_(co).

Therefore, such record medium 640 had a problem that its versatility is remarkably low in spite of being provided in a removable manner to recording and reproducing apparatus 630.

In addition to this, recording and reproducing apparatus 630 had a problem that, even if a user wanted to utilize the contents recorded on the record medium by recording them on another apparatus or another record medium, they could not be easily utilized since the record medium was provided in a removable manner.

Furthermore, the information processing system had a problem that, even in contents receiving apparatus 620, a method had yet to be established for preventing received contents from being illicitly utilized.

Moreover, contents receiving apparatus 620 to be connected to first and second contents sending apparatuses 600 and 610 had a problem that, as it is assumed to be owned by a user, contents cannot be easily provided for anyone else not in possession of the contents receiving apparatus 620.

In addition, the information processing system had a problem that, in the case where a user uses contents receiving apparatus 620 to record a plurality of favorite contents on a predetermined record medium and creates an album, the favorite contents had to be read and recorded one by one in the record medium by using contents receiving apparatus 620, which recording work was complicated.

Furthermore, the information provision system had a problem that, in the case where any contents of which transmission was stopped due to occurrence of a defect (occurrence of an error in data), for instance, was sent by mistake from first and second contents sending apparatuses 600 and 610 to contents receiving apparatus 620, it was difficult to prevent utilization of the contents on the contents receiving apparatus 620.

DISCLOSURE OF THE INVENTION

The present invention is implemented in consideration of the above points, and proposes an information sending system, an information sending apparatus, an information receiving apparatus, an information sending method, an information receiving method and a program storage medium to prevent contents data from being illicitly utilized.

To find a solution to such a challenge, the present invention provides, in an information sending system for sending predetermined contents data from an information sending apparatus to an information receiving apparatus, the means for holding identification information to identify an information sending apparatus encrypted by a distribution key unique to the information receiving apparatus, adding identification information to contents data in order to make a comparison with identification information encrypted by a distribution key, and sending identification information encrypted by a distribution key together with contents data with identification information added in an information sending apparatus, and provides the means for holding a distribution key, receiving contents data with identification information added and identification information encrypted by a distribution key, decrypting by a distribution key identification information encrypted by the distribution key, and comparing identification information added to contents data with decrypted identification information in an information receiving apparatus.

Thus, it is possible to easily and securely determine whether or not the contents data can be properly utilized from results of comparing identification information added to contents data with decrypted identification information, and an information sending system can be implemented, which is capable of preventing the contents data from being illicitly utilized.
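The exchange described above, together with the K_(d)/K_(co) hierarchy from the background, as an added example that is not part of the patent text: the sender attaches its plaintext ID and the ID encrypted under K_(d), and the receiver releases the contents only if the two match. The `seal`/`open_sealed` construction is a standard-library stand-in for the cipher the text leaves unspecified, and every function name, the package layout and the sample IDs are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Stand-in authenticated cipher (assumption: the text names no algorithm).
# HMAC-SHA-256 in counter mode as keystream plus an HMAC tag; enough to show
# the message flow, not a replacement for a vetted AEAD.
def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream = b""
    for block in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + block.to_bytes(4, "big"),
                           hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    body = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def open_sealed(key: bytes, blob: bytes) -> bytes:
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body,
                        hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _xor_stream(_subkey(key, b"enc"), nonce, body)

def sender_package(sender_id: bytes, held_enc_id: bytes,
                   k_d: bytes, contents: bytes) -> dict:
    """Sending apparatus: encrypt contents under a fresh K_co, wrap K_co
    under K_d, add the plaintext ID and attach the held encrypted ID."""
    k_co = secrets.token_bytes(32)
    return {
        "sender_id": sender_id,          # identification information added to the contents data
        "enc_sender_id": held_enc_id,    # the same ID, encrypted by K_d
        "enc_k_co": seal(k_d, k_co),     # content key wrapped by K_d
        "enc_contents": seal(k_co, contents),
    }

def receiver_accept(pkg: dict, k_d: bytes) -> bytes:
    """Receiving apparatus: decrypt the encrypted ID with the held K_d and
    compare it with the plaintext ID before unwrapping K_co."""
    try:
        decrypted_id = open_sealed(k_d, pkg["enc_sender_id"])
    except ValueError as exc:
        raise PermissionError("encrypted ID was not produced under this K_d") from exc
    if not hmac.compare_digest(decrypted_id, pkg["sender_id"]):
        raise PermissionError("plaintext ID does not match encrypted ID")
    k_co = open_sealed(k_d, pkg["enc_k_co"])
    return open_sealed(k_co, pkg["enc_contents"])

def rejection_reason(pkg: dict, k_d: bytes) -> str:
    try:
        receiver_accept(pkg, k_d)
    except PermissionError as exc:
        return str(exc)
    return "accepted"

def demo() -> dict:
    k_d = secrets.token_bytes(32)            # distribution key held by the receiver
    other_k_d = secrets.token_bytes(32)      # a key the receiver does not hold
    sender_id = b"SENDER-600"                # constructed sample ID
    contents = b"constructed sample contents"
    good = sender_package(sender_id, seal(k_d, sender_id), k_d, contents)
    relabelled = dict(good, sender_id=b"SENDER-610")
    foreign = dict(good, enc_sender_id=seal(other_k_d, sender_id))
    return {
        "genuine": receiver_accept(good, k_d),
        "relabelled": rejection_reason(relabelled, k_d),
        "foreign_key": rejection_reason(foreign, k_d),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```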

Also, the present invention provides, in an information sending apparatus sending predetermined contents data to an information receiving apparatus, the means for holding identification information to identify an information sending apparatus encrypted by a distribution key unique to the information receiving apparatus, adding identification information to contents data in order to make a comparison with identification information encrypted by a distribution key, and sending identification information encrypted by a distribution key together with contents data with identification information added.

Therefore, it is possible to provide a transmission subject with identification information added to contents data and encrypted identification information to be compared in order to determine whether or not the contents data can be properly utilized, and thus an information sending apparatus and a program storage medium capable of preventing the contents data from being illicitly utilized can be implemented.

Furthermore, the present invention provides, in an information receiving apparatus for receiving predetermined contents data sent from an information sending apparatus, the means for holding a predetermined distribution key unique to the information receiving apparatus, receiving contents data sent from an information sending apparatus with identification information added to identify the information sending apparatus and identification information encrypted by a distribution key, decrypting by a distribution key the identification information encrypted by the distribution key, and comparing the identification information added to the contents data with the decrypted identification information.

Thus, it is possible to easily and securely determine whether or not the contents data can be properly utilized from results of comparing identification information added to contents data with decrypted identification information, and accordingly an information receiving system, an information receiving method and a program storage medium capable of preventing the contents data from being illicitly utilized can be implemented.

In addition, the present invention provides, in an information sending system for sending predetermined contents data from an information sending apparatus to an information receiving apparatus, the means for sending, together with contents data, data of the maximum number of times of possible resending predefined to the contents data in an information sending apparatus, and provides the means for receiving, together with contents data, data of maximum number of times, generating data of the remaining number of times of possible resending of contents data based on data of the maximum number of times, and resending, that is, sending together with contents data, data of the remaining number of times in an information receiving apparatus.

Thus, it is possible to prevent contents data from being resent more often than the predefined maximum number of times of possible resending, and accordingly an information sending system capable of preventing the contents data from being illicitly utilized can be implemented.

Moreover, the present invention provides, in an information sending apparatus for sending predetermined contents data to an information receiving apparatus, the means for sending to an information receiving apparatus, together with contents data, data of the maximum number of times of possible resending predefined to the contents data.

Therefore, it is possible to notify a transmission subject of the predefined maximum number of times of possible resending for contents data, and accordingly an information sending apparatus capable of preventing the contents data from being illicitly utilized can be implemented.

Furthermore, the present invention provides, in an information receiving apparatus for receiving predetermined contents data sent from an information sending apparatus, the means for receiving contents data and data of maximum number of times of possible resending predefined to the contents data sent from the information sending apparatus, generating data of the remaining number of times of possible resending of contents data based on data of the maximum number of times, and resending, that is, sending together with contents data, data of the remaining number of times.

Thus, it is possible to prevent contents data from being resent more often than the predefined maximum number of times of possible resending, and accordingly an information receiving apparatus, an information receiving method and a program storage medium capable of preventing the contents data from being illicitly utilized can be implemented.

Moreover, the present invention provides, in an information sending method for sending predetermined contents data from an information sending apparatus to an information receiving apparatus, the steps of adding identification information to identify the information sending apparatus to contents data by the information sending apparatus, sending contents data with identification information added and identification information to identify the information sending apparatus encrypted by a distribution key unique to the information receiving apparatus by the information sending apparatus, receiving contents data with identification information added and identification information encrypted by a distribution key by the information receiving apparatus, decrypting by a distribution key identification information encrypted by the distribution key by the information receiving apparatus, and comparing identification information added to contents data with decrypted identification information by the information receiving apparatus.

Thus, it is possible to easily and securely determine whether or not the contents data can be properly utilized from results of comparing identification information added to contents data with decrypted identification information, and accordingly an information sending method capable of preventing the contents data from being illicitly utilized can be implemented.

Moreover, the present invention provides, in an information sending method for sending predetermined contents data from an information sending apparatus to an information receiving apparatus, the steps of sending, together with contents data, data of the predefined maximum number of times of possible resending to the contents data by the information sending apparatus, receiving, together with contents data, data of maximum number of times by the information receiving apparatus, generating data of the remaining number of times of possible resending of contents data based on data of the maximum number of times by the information receiving apparatus, and resending, that is, sending together with contents data, data of the remaining number of times by the information receiving apparatus.

Thus, it is possible to prevent contents data from being resent more often than the predefined maximum number of times of possible resending, and accordingly an information sending method and a program storage medium capable of preventing the contents data from being illicitly utilized can be implemented.

Moreover, the present invention is implemented in consideration of the above points, and is intended to propose a recording and reproducing system, a recording and reproducing apparatus, a reproducing apparatus, a data storage apparatus, a recording and reproducing method, a reproducing method and a program storage medium capable of markedly improving versatility of data storage apparatuses.

To find a solution to such a challenge, the present invention provides, in a recording and reproducing system for recording and reproducing predetermined contents data sent from an information sending apparatus on a removable data storage apparatus by a recording and reproducing apparatus, the means for encrypting contents data by a predetermined content key, and sending a content key and the contents data encrypted by the content key in an information sending apparatus, and provides, in the recording and reproducing apparatus, the means for receiving a content key and the contents data encrypted by the content key sent from the information sending apparatus, sending out the received content key and the contents data encrypted by the content key to a data storage apparatus and having them recorded thereby or having the content key and the contents data encrypted by the content key reproduced from the data storage apparatus to read them, and provides, in the data storage apparatus, the means for holding a predetermined record medium and a predetermined save key, encrypting a content key by a save key, recording a content key encrypted by a save key and the contents data encrypted by the content key on a record medium or reproducing a content key encrypted by a save key and the contents data encrypted by the content key from the record medium, and decrypting the content key encrypted by a save key by the save key.

Thus, to the extent that it is not necessary to hold a save key on the recording and reproducing apparatus side, contents data can be reproduced from a data storage apparatus by a recording and reproducing apparatus other than one recording contents data on the data storage apparatus, and thus a recording and reproducing system capable of markedly improving versatility of data storage apparatuses can be implemented.

Also, the present invention provides, in a recording and reproducing apparatus for which a data storage apparatus having a predetermined record medium is provided in a removable manner, the means for controlling recording and reproducing for sending out contents data encrypted by a predetermined content key and the content key to a data storage apparatus, encrypting the content key by using a predetermined save key unique to the data storage apparatus, having the content key encrypted by the save key and the contents data encrypted by content key recorded on a record medium, and also having the content key encrypted by the save key and the contents data encrypted by content key reproduced from the record medium, decrypting the content key encrypted by a save key by using the save key, and reading the acquired content key and the contents data encrypted by the content key from the data storage apparatus.

Thus, to the extent that it is not necessary to hold a save key, the contents data can be reproduced from a data storage apparatus recording contents data on another recording and reproducing apparatus, and thus a recording and reproducing apparatus, a recording and reproducing method and a program storage medium capable of markedly improving versatility of data storage apparatuses can be implemented.

In addition, the present invention provides, in a reproducing apparatus for which a data storage apparatus having a predetermined record medium is provided in a removable manner, the means for controlling reproducing for having contents data encrypted by a predetermined content key recorded in advance on a record medium of the data storage apparatus and a content key encrypted by a predetermined save key unique to the data storage apparatus reproduced, decrypting the content key encrypted by a save key by using the save key, and reading the acquired content key and the contents data encrypted by the content key from the data storage apparatus.

Thus, to the extent that it is not necessary to hold a save key, the contents data can be reproduced from a data storage apparatus on any recording and reproducing apparatus, and thus a reproducing apparatus, a reproducing method and a program storage medium capable of markedly improving versatility of data storage apparatuses can be implemented.

Moreover, the present invention provides, in a data storage apparatus provided in a removable manner on a recording and/or reproducing apparatus for recording and/or reproducing predetermined data under control of the recording and/or reproducing apparatus, the means for holding a predetermined record medium and a predetermined save key, communicating, that is, sending and receiving predetermined contents data encrypted by a predetermined content key and the content key between itself and a recording and/or reproducing apparatus, encrypting a content key by a save key under control of the recording and/or reproducing apparatus, recording the content key encrypted by a save key and contents data encrypted by the content key on a record medium or reproducing the content key encrypted by a save key and contents data encrypted by the content key from the record medium under control of the recording and/or reproducing apparatus, and decrypting the content key encrypted by a save key by using the save key under control of the recording and/or reproducing apparatus.

Thus, even if a recording and reproducing apparatus does not hold a save key, the contents data can be recorded or reproduced, and thus a data storage apparatus and a program storage medium capable of markedly improving versatility can be implemented.

Furthermore, the present invention is implemented in consideration of the above points, and is intended to propose a data management system, a management apparatus, a data storage apparatus and a data management method, a data management and migration method and a program storage medium, which allow contents data recorded on a data storage apparatus to be easily utilized by various apparatuses.

To find a solution to such a challenge, the present invention provides, in a data management system, a predetermined data storage apparatus, a recording apparatus for recording predetermined contents data on a data storage apparatus, a management apparatus for capturing contents data stored in a data storage apparatus and managing movement of the captured contents data to various apparatuses in place of the data storage apparatus to be connected to various apparatuses.

Therefore, it is possible to easily move the contents data recorded on a data storage apparatus to various apparatuses under management of a management apparatus, and thus a data management system that allows contents data recorded on a data storage apparatus to be easily utilized by various apparatuses can be implemented.

Also, the present invention captures predetermined contents data recorded in a data storage apparatus, and manages movement of the captured contents data to various apparatuses in place of the data storage apparatus in a management apparatus connecting various apparatuses with a predetermined data storage apparatus.

Thus, it is possible to manage contents data recorded in a data storage apparatus in place of the data storage apparatus and easily move the contents data to various apparatuses, and thus a management apparatus, a data management method and a program storage medium that allow contents data recorded on a data storage apparatus to be easily utilized by various apparatuses can be implemented.

Furthermore, the present invention manages, under control of a predetermined recording apparatus, movement of contents data to various apparatuses in a data storage apparatus for recording predetermined contents data, and when the various apparatuses are connected to a predetermined management apparatus to be connected to, it moves contents data to the management apparatus.

Therefore, it is possible to rely on a management apparatus for management of recorded contents data and easily move the contents data to various apparatuses via the management apparatus, and thus a data storage apparatus, a data management and migration method and a program storage medium that allow contents data recorded on a data storage apparatus to be easily utilized by various apparatuses can be implemented.

Moreover, the present invention provides, in a data management method, the steps of recording predetermined contents data on a predetermined data storage apparatus by a predetermined recording apparatus, and managing, that is, capturing contents data stored in a data storage apparatus and managing movement of the captured contents data to various apparatuses in place of the data storage apparatus by a management apparatus to be connected to various apparatuses.

Thus, it is possible to easily move the contents data recorded on a data storage apparatus to various apparatuses under management of a management apparatus, and thus a data management method that allows contents data recorded on a data storage apparatus to be easily utilized by various apparatuses can be implemented.

Furthermore, the present invention is implemented in consideration of the above points, and is intended to propose an information provision system, an information regulating apparatus, an information receiving apparatus, an information provision method, an information regulating method, a data utilization method and a program storage medium capable of preventing contents data from being illicitly utilized.

To find a solution to such a challenge, the present invention provides, in an information provision system, an information receiving apparatus for receiving predetermined contents data that is sent and adding a signature to and sending utilization permission data showing the received contents data, an information regulating apparatus for verifying a signature on utilization permission data to determine whether the utilization permission data is illegal data and if determined so, prohibiting the information receiving apparatus from utilizing the contents data.

Thus, an information provision system can be implemented, which is capable of determining by an information regulating apparatus in advance whether the contents data received by an information receiving apparatus will be illicitly utilized and preventing the contents data from being illicitly utilized.

Also, in the present invention, an information regulating apparatus connected online to a predetermined information receiving apparatus shows predetermined contents data received from the information receiving apparatus and has utilization permission data with a signature added sent so as to verify the signature on the utilization permission data and determine whether the utilization permission data is illegal data and if determined so, the information receiving apparatus is prohibited from utilizing the contents data.

Thus, an information regulating apparatus, an information regulating method and a program storage medium capable of, by determining in advance whether the contents data received by the information receiving apparatus will be illicitly used, preventing the contents data from being illicitly utilized can be implemented.

Moreover, in the present invention, an information receiving apparatus connected online to a predetermined information regulating apparatus receives predetermined contents data that is sent and adds to utilization permission data showing the received contents data a signature capable of determining whether the contents data shown by the utilization permission data is tampered to other contents data and then sends it to the information regulating apparatus.

Thus, an information receiving apparatus, a data utilization method and a program storage medium capable of, by having an information regulating apparatus determine in advance whether received contents data will be illicitly utilized, preventing the contents data from being illicitly utilized can be implemented.

Furthermore, the present invention provides, in an information provision method, the steps of sending, that is, receiving predetermined contents data and adding a signature to and sending utilization permission data showing the received contents data by an information receiving apparatus, and prohibiting utilization, that is, verifying a signature on utilization permission data to determine whether the utilization permission data is illegal data and if determined so, prohibiting the information receiving apparatus from utilizing the contents data by an information regulating apparatus.

Thus, an information provision method can be implemented, which is capable of determining by an information regulating apparatus in advance whether the contents data received by an information receiving apparatus will be illicitly utilized and preventing the contents data from being illicitly utilized.

In addition, the present invention is implemented in consideration of the above points, and is intended to propose an information provision system, an information provision apparatus, a data storage apparatus, an information provision method, a data store method and a program storage medium capable of easily providing contents data.

To find a solution to such a challenge, the present invention provides, in an information provision system providing an information provision apparatus with predetermined contents data sent from an information sending apparatus, the means for encrypting contents data by a predetermined content key, and sending a content key and contents data encrypted by the content key in the information sending apparatus, and provides the means for receiving the content key and contents data encrypted by the content key sent from the information sending apparatus, decrypting by the content key the contents data encrypted by the content key, inserting a digital watermark, that is, inserting by a digital watermark predetermined information into the contents data decrypted by the content key, and recording the contents data with the information inserted on a removable record medium in the information provision apparatus.

Thus, it is possible, even if an information user does not have a contents data receiving apparatus, to record contents data on a record medium of the information user with ensured security, and accordingly an information provision system capable of easily providing contents data can be implemented.

Moreover, the present invention provides, in an information provision apparatus providing predetermined contents data sent from an information sending apparatus, the means for receiving contents data encrypted by a predetermined content key and the content key sent from the information sending apparatus, decrypting by the content key the contents data encrypted by the content key, inserting a digital watermark, that is, inserting by a digital watermark predetermined information into the contents data decrypted by the content key, and recording the contents data with the information inserted on a removable record medium.

Thus, it is possible, even if an information user does not have a contents data receiving apparatus, to record contents data on a record medium of the information user with ensured security, and accordingly an information provision apparatus, an information provision method and a program storage medium capable of easily providing contents data can be implemented.

Furthermore, the present invention provides, in an information provision apparatus providing predetermined contents data sent from an information sending apparatus, the means for creating license conditions information prescribing conditions for using contents data based on handling policies prescribing conditions for use of a content key sent from the information sending apparatus together with a content key and the contents data encrypted by the content key, and storing, that is, sending the handling policies and the license conditions information together with the content key and the contents data encrypted by the content key to a predetermined removable data storage apparatus and storing them thereon.

Thus, it is possible, even if an information user does not have a contents data receiving apparatus, to record contents data on a data storage apparatus of the information user with ensured security, and accordingly an information provision apparatus, an information provision method and a program storage medium capable of easily providing contents data can be implemented.

In addition, the present invention provides, in a data storage apparatus storing predetermined contents data sent from an information provision apparatus, the means for receiving a content key and contents data encrypted by the content key, handling policies prescribing conditions for using the content key, and license conditions information prescribing conditions for using the contents data created as necessary based on the handling policies sent from a predetermined record medium and an information provision apparatus, and recording the content key, the contents data encrypted by the content key, the handling policies and the license conditions information on a record medium.

Thus, it is possible, even if an information user does not have a contents data receiving apparatus, to record contents data with ensured security, and accordingly a data storage apparatus, a data storage apparatus and a program storage medium capable of easily providing contents data can be implemented.

Furthermore, the present invention is implemented in consideration of the above points, and implements an information recording apparatus, a data storage apparatus, a data store method and a program storage medium capable of easily recording a plurality of favorite contents data.

To find a solution to such a challenge, the present invention provides, in an information recording apparatus storing predetermined contents data on a predetermined data storage apparatus, the means for selecting, that is, categorizing and managing a contents server holding a plurality of contents data and the contents data held on the contents server, and if a desired category and a number of contents are specified, arbitrarily selecting a plurality of contents data equivalent to the specified number of contents among the contents data belonging to the specified category, and storing, that is, reading the selected contents data from the contents server and storing it on the data storage apparatus.

Thus, it is possible to easily select and store on a data storage apparatus a plurality of a user's favorite contents data, and accordingly an information recording apparatus, a data store method and a program storage medium capable of easily recording a plurality of favorite contents data can be implemented.

Moreover, the present invention provides, in a data storage apparatus on which predetermined contents data is stored by an information recording apparatus, the means for receiving a plurality of contents data belonging to a desired category among a plurality of categorized contents data and equivalent to a desired number of contents sent from a predetermined record medium and the information recording apparatus, and recording the contents data collectively on the record medium.

Thus, a data storage apparatus, a data store method and a program storage medium capable of recording a plurality of favorite contents data sent from an information recording apparatus can be implemented.

Furthermore, the present invention is implemented in consideration of the above points, and is intended to propose an information provision system, a list sending apparatus, an information receiving apparatus, an information provision method, an information receiving method, a list sending method and a program storage medium capable of almost certainly preventing contents data of which provision is prohibited from being utilized.

To find a solution to such a challenge, the present invention provides, in an information provision system, an information sending apparatus for sending predetermined contents data, a list sending apparatus for creating a provision prohibition list showing contents data designated as provision-prohibited and sending the created prohibition list, and an information receiving apparatus for determining whether contents data sent from the information sending apparatus is provision-prohibited based on the provision prohibition list, and if determined so, stopping capture of the contents data.

Thus, in an information receiving apparatus, an information provision system can be implemented, which is capable of almost certainly preventing provision-prohibited contents and contents sent from a utilization-prohibited information sending apparatus from being bought and accordingly capable of almost certainly preventing provision-prohibited contents data from being utilized.

Also, the present invention provides, in a list sending apparatus for sending a predetermined list to an information receiving apparatus receiving predetermined contents data sent from an information sending apparatus, the means for creating a list, that is, creating a provision prohibition list showing contents data designated as provision-prohibited, and sending a provision prohibition list to the information receiving apparatus.

Thus, in an information receiving apparatus, a list sending apparatus, a list sending method and a program storage medium capable of, based on a provision prohibition list, almost certainly preventing provision-prohibited contents and contents sent from a utilization-prohibited information sending apparatus from being bought and accordingly capable of almost certainly preventing provision-prohibited contents data from being utilized can be implemented.

Moreover, the present invention provides, in an information receiving apparatus receiving predetermined contents data sent from an information sending apparatus and a predetermined list sent from a list sending apparatus, the means for holding a list, that is, holding a provision prohibition list showing contents data designated as provision-prohibited sent from the list sending apparatus, and stopping capture, that is, determining whether contents data sent from an information sending apparatus is provision-prohibited, and if determined so, stopping capture of the contents data.

Thus, an information receiving apparatus, an information receiving method and a program storage medium capable of almost certainly preventing provision-prohibited contents and contents sent from a utilization-prohibited information sending apparatus from being bought and accordingly capable of almost certainly preventing provision-prohibited contents data from being utilized can be implemented.

Moreover, the present invention provides, in an information providing method, the steps of sending a list, that is, creating a provision prohibition list showing contents data designated as provision-prohibited and sending the created provision prohibition list by a list sending apparatus, sending predetermined contents data by an information sending apparatus, and stopping capture, that is, determining by an information receiving apparatus whether contents data sent from an information sending apparatus is provision-prohibited based on the provision prohibition list, and if determined so, stopping capture of the contents data.

Thus, in an information receiving apparatus, an information provision method can be implemented, which is capable of almost certainly preventing provision-prohibited contents and contents sent from a utilization-prohibited information sending apparatus from being bought and accordingly capable of almost certainly preventing provision-prohibited contents data from being utilized.

Incidentally, in online equipment and offline equipment of an information receiving apparatus, when sending contents data between the online equipment and the offline equipment, history information is created according to identification information of the contents data and identification information of the equipment of the source, and on receipt of a provision prohibition list, the history information is searched, and if contents data that newly became provision-prohibited is sent, a current provision prohibition list held by the equipment is sent to the source of the contents data so as to prevent any illegal contents data from diffusing from the source equipment to any other equipment.
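The history search described above, sketched as an added example that is not part of the patent text. The class and method names, the in-memory `directory` used as transport, the monotonically increasing list version, and the sender-side refusal in `send_content` are assumptions made for the illustration.

```python
"""Provision prohibition list with history search (added illustration)."""


class Equipment:
    def __init__(self, equipment_id, directory):
        self.equipment_id = equipment_id
        self.directory = directory       # hypothetical transport: id -> Equipment
        directory[equipment_id] = self
        self.list_version = 0            # assumed: lists carry an increasing version
        self.prohibited = frozenset()    # content IDs on the current list
        self.history = []                # (content_id, source_equipment_id)
        self.captured = set()

    def receive_content(self, content_id, source_id):
        """Stop capture if the content is on the held prohibition list."""
        if content_id in self.prohibited:
            return False
        self.history.append((content_id, source_id))
        self.captured.add(content_id)
        return True

    def send_content(self, content_id, target):
        """Assumed sender-side rule: never pass on content the held list prohibits."""
        if content_id not in self.captured or content_id in self.prohibited:
            return False
        return target.receive_content(content_id, self.equipment_id)

    def receive_list(self, version, prohibited_ids):
        """Adopt a newer list, then push it to every source that supplied
        content which has newly become prohibited. Returns the IDs notified."""
        if version <= self.list_version:
            return []                    # stale or replayed list: nothing to do
        new_list = frozenset(prohibited_ids)
        newly = new_list - self.prohibited
        self.list_version, self.prohibited = version, new_list
        notified = []
        sources = sorted({src for cid, src in self.history if cid in newly})
        for source_id in sources:
            source = self.directory.get(source_id)
            if source is None:           # e.g. the original information sending apparatus
                continue
            notified.append(source_id)
            # The version check above ends the recursion on cycles.
            notified.extend(source.receive_list(version, new_list))
        return notified


def demo():
    """Constructed scenario: content c-42 travels A -> B -> C, then C gets list v2."""
    directory = {}
    a, b, c = (Equipment(name, directory) for name in ("A", "B", "C"))
    a.receive_content("c-42", "sender-1")
    a.send_content("c-42", b)
    b.send_content("c-42", c)
    return a, b, c, c.receive_list(2, {"c-42"})


if __name__ == "__main__":
    *_, notified = demo()
    print("equipment that received the list by back-propagation:", notified)
```
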

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram showing overall configuration of an electronic music distribution system according to the present invention.

FIG. 2 is a block diagram showing configuration of an electronic distribution service center.

FIG. 3 is a skeleton diagram showing an example of a periodic update of a key.

FIG. 4 is a skeleton diagram showing an example of a periodic update of a key.

FIG. 5 is a skeleton diagram showing an example of a periodic update of a key.

FIG. 6 is a skeleton diagram showing an example of a periodic update of a key.

FIG. 7 is a skeleton diagram showing data contents of a user registration database.

FIG. 8 is a skeleton diagram showing registration information of each individual group.

FIG. 9 is a block diagram showing configuration of a contents provider.

FIG. 10 is a flowchart showing a procedure for generating a signature.

FIG. 11 is a flowchart showing a procedure for verifying a signature.

FIG. 12 is a flowchart showing a method of elliptic curve encryption.

FIG. 13 is a flowchart showing a decrypting process of elliptic curve encryption.

FIG. 14 is a block diagram showing configuration of a service provider.

FIG. 15 is a block diagram showing configuration of a user home network.

FIG. 16 is a skeleton diagram served for explanation of operation of an external memory control section.

FIG. 17 is a block diagram showing configuration of a record medium dedicated to electronic distribution.

FIG. 18 is a block diagram showing data contents of the equipment.

FIG. 19 is a block diagram showing data contents held by a record medium.

FIG. 20 is a skeleton block diagram showing data flow of the entire system.

FIG. 21 is a skeleton block diagram showing flow of a public key certificate.

FIG. 22 is a skeleton diagram showing a contents provider secure container.

FIG. 23 is a skeleton diagram showing a contents provider secure container.

FIG. 24 is a skeleton diagram showing a contents provider secure container.

FIG. 25 is a skeleton diagram showing a contents provider secure container.

FIG. 26 is a skeleton block diagram showing a public key certificate of a contents provider.

FIG. 27 is a skeleton block diagram showing a public key certificate of a contents provider.

FIG. 28 is a skeleton block diagram showing a public key certificate of a contents provider.

FIG. 29 is a skeleton diagram showing a service provider secure container.

FIG. 30 is a skeleton diagram showing a service provider secure container.

FIG. 31 is a skeleton diagram showing a public key certificate of a service provider.

FIG. 32 is a skeleton diagram showing a public key certificate of user equipment.

FIG. 33 is a diagram showing handling policies of single contents.

FIG. 34 is a diagram showing handling policies of album contents.

FIG. 35 is a diagram showing another example of handling policies of single contents.

FIG. 36 is a diagram showing another example of handling policies of album contents.

FIG. 37 is a diagram showing price information of single contents.

FIG. 38 is a diagram showing price information of album contents.

FIG. 39 is a diagram showing another example of price information of single contents.

FIG. 40 is a diagram showing another example of price information of album contents.

FIG. 41 is a diagram showing license conditions information.

FIG. 42 is a diagram showing accounting information.

FIG. 43 is a diagram showing another example of accounting information.

FIG. 44 is a diagram showing a list of utilization rights.

FIG. 45 is a diagram showing utilization rights.

FIG. 46 is a diagram showing single contents.

FIG. 47 is a diagram showing album contents.

FIG. 48 is a diagram showing key data for single contents.

FIG. 49 is a block diagram served for explanation of encryption processing of an individual key.

FIG. 50 is a diagram showing key data for album contents.

FIG. 51 is a timing chart showing a mutual authentication process using symmetrical key technology.

FIG. 52 is a timing chart showing a mutual authentication process using asymmetrical key technology.

FIG. 53 is a skeleton block diagram showing transmitting operation of accounting information.

FIG. 54 is a skeleton block diagram showing profit distribution processing operation.

FIG. 55 is a skeleton block diagram showing transmitting operation of a track record of contents utilization.

FIG. 56 is a flowchart showing a procedure for distributing and reproducing contents.

FIG. 57 is a flowchart showing a procedure of transmission to a contents provider.

FIG. 58 is a flowchart showing a registration procedure of settlement information.

FIG. 59 is a flowchart showing a procedure for newly registering an equipment ID.

FIG. 60 is a flowchart showing a procedure of additional registration of equipment.

FIG. 61 is a flowchart showing a procedure for determining conditions for starting to change registration information.

FIG. 62 is a flowchart showing a procedure for updating registration information.

FIG. 63 is a flowchart showing a proxy procedure for updating registration information by a fixed apparatus.

FIG. 64 is a flowchart showing a proxy procedure for updating registration information by a fixed apparatus.

FIG. 65 is a flowchart showing a transmission procedure of a secure container.

FIG. 66 is a flowchart showing a transmission procedure of a secure container.

FIG. 67 is a flowchart showing a purchasing procedure of a home server.

FIG. 68 is a flowchart showing a procedure of tampering check when reading data.

FIG. 69 is a flowchart showing a procedure of tampering check when writing data.

FIG. 70 is a flowchart showing a procedure of tampering check when rewriting data.

FIG. 71 is a flowchart showing a procedure of tampering check when deleting data.

FIG. 72 is a flowchart showing a procedure for reproducing contents by a home server.

FIG. 73 is a flowchart showing a procedure for reproducing contents by a home server.

FIG. 74 is a flowchart showing a proxy purchasing procedure of contents utilization rights by a home server.

FIG. 75 is a flowchart showing a contents change procedure of a purchased user.

FIG. 76 is a skeleton diagram showing a rule section of a handling policy.

FIG. 77 is a skeleton diagram showing contents of a rule section of price information.

FIG. 78 is a skeleton diagram showing an example of changed contents of rights.

FIG. 79 is a flowchart showing a redistributing procedure of contents utilization rights.

FIG. 80 is a flowchart showing a purchasing procedure of contents utilization rights by a fixed apparatus.

FIG. 81 is a skeleton diagram showing transition of a rule section of license conditions information.

FIG. 82 is a flowchart showing a moving procedure of management movement rights.

FIG. 83 is a flowchart showing a returning procedure of management movement rights.

FIG. 84 is a block diagram showing information sending system according to the present invention.

FIG. 85 is a block diagram showing information sending system according to the present invention.

FIG. 86 is a flowchart showing a remote reproduction procedure.

FIG. 87 is a flowchart showing a reserved purchase procedure.

FIG. 88 is a flowchart showing a real purchase procedure after a reserved purchase.

FIG. 89 is a flowchart showing a proxy purchasing procedure in the case where a home server charges.

FIG. 90 is a flowchart showing a proxy purchasing procedure in the case where equipment outside the group charges.

FIG. 91 is a conceptual diagram served for explanation of generation management in a movement procedure of management movement rights.

FIG. 92 is a block diagram showing configuration of a recording and reproducing apparatus.

FIG. 93 is a flowchart showing a purchasing procedure of a recording and reproducing apparatus.

FIG. 94 is a flowchart showing a reproducing procedure of a recording and reproducing apparatus.

FIG. 95 is a flowchart showing a proxy procedure of accounting information and a movement procedure of rights.

FIG. 96 is a block diagram showing data flow of an entire electronic music distribution system.

FIG. 97 is a flowchart showing an online accounting purchasing procedure.

FIG. 98 is a block diagram showing configuration of an electronic music distribution system.

FIG. 99 is a block diagram showing configuration of a hosting server.

FIG. 100 is a block diagram showing configuration of a KIOSK terminal.

FIG. 101 is a skeleton block diagram showing data flow.

FIG. 102 is a flowchart showing a purchasing procedure of a KIOSK terminal.

FIG. 103 is a flowchart showing a purchasing procedure of a KIOSK terminal.

FIG. 104 is a flowchart showing a purchasing procedure of a KIOSK terminal.

FIG. 105 is a flowchart showing a purchasing procedure of a KIOSK terminal.

FIG. 106 is a flowchart showing another example of a purchasing procedure of a KIOSK terminal.

FIG. 107 is a flowchart showing another example of a purchasing procedure of a KIOSK terminal.

FIG. 108 is a diagram showing contents purchase prohibition list.

FIG. 109 is a diagram showing a contents redistribution/repurchase list.

FIG. 110 is a flowchart showing a procedure of contents redistribution/repurchase.

FIG. 111 is a block diagram showing another configuration of an electronic music distribution system.

FIG. 112 is a block diagram showing configuration of an electronic distribution service center of personal computer configuration.

FIG. 113 is a block diagram showing configuration of a contents provider of personal computer configuration.

FIG. 114 is a block diagram showing configuration of a service provider of personal computer configuration.

FIG. 115 is a block diagram showing configuration of a user home network using a personal computer.

FIG. 116 is a block diagram showing a conventional example.

FIG. 117 is a block diagram showing configuration of a conventional recording and reproducing apparatus.

BEST MODE FOR CARRYING OUT THE INVENTION

An embodiment of the present invention will be hereinafter described in detail with reference to the drawings.

(1) Information Distribution System

FIG. 1 is a diagram illustrating an EMD (Electronic Music Distribution) system 10 to which the present invention is applied. Contents to be distributed to a user by this system are digital data in which digital data itself has value and, in this example, a piece of contents corresponds to music data for one tune. Contents are provided to a user with a piece of contents as one unit (single) or a plurality of pieces of contents as one unit (album). The user purchases the contents (in fact, purchases a right to utilize a content key K_(co)) and utilizes the contents to be provided (in fact, decodes the contents using the content key K_(co) to utilize the contents). Further, it goes without saying that the system is applicable not only to music data but also to all purchases of contents such as video, games programs and the like.

An electronic service center (EMD service center) 1 transmits an individual key K_(i) and a public key certificate of a content provider 2 to the content provider 2, transmits a public key certificate of a service provider 3 to the service provider 3, transmits a delivery key K_(d) and registration information to a user home network 5, receives charge information or the like and registration information corresponding to use of contents from the user home network 5, settles an account of utilization fees based on the charge information, and performs processing for distributing profits to the content provider 2, the service provider 3 and the electronic distribution service center 1 itself.

The content provider 2 has digitized contents, inserts an electronic watermark in the contents in order to prove that the contents are its own, compresses and encrypts the contents, generates a handling policy of the contents, and transmits the contents to the service provider 3 with signature data added.

The service provider 3 adds price information to the contents supplied by the content provider 2 via a network 4 composed of a dedicated cable network, the Internet or satellite communication, and transmits the contents to the user home network 5 with signature data added.

The user home network 5 obtains the contents sent by the service provider 3 with the price information added, purchases a content utilization right and executes purchase processing. The purchased utilization right may be, for example, a reproduction utilization right or a right to copy. Then, charge information generated by the purchase processing is stored in a tamper-resistant memory in an encryption processing section, and is transmitted to the electronic distribution service center 1 when the user home network 5 obtains the delivery key K_(d) from the electronic distribution service center 1.

FIG. 2 is a block diagram showing functions of the electronic distribution service center 1. A service provider management section 11 supplies the public key certificate of the service provider 3 and information on profit distribution to the service provider 3, and at the same time, receives information (price information) to be attached to the contents, if necessary. A content provider management section 12 transmits an individual key K_(i), the individual key K_(i) encrypted by the delivery key K_(d), and the public key certificate of the content provider 2, and at the same time, supplies the information on profit distribution, and receives information (a handling policy) to be attached to the contents, if necessary. A copying right management section 13 transmits information indicating results of content utilization of the user home network 5 to an organization managing copying rights, e.g., JASRAC (Japanese Society for Rights of Authors, Composers and Publishers). A key server 14 performs generation, maintenance and management of keys used for the entire system. The individual key K_(i), which is different for each content provider, is generated together with the individual key K_(i) encrypted by the delivery key K_(d), and both are supplied to the content provider 2 via the content provider management section 12. The individual key K_(i) encrypted by the delivery key K_(d) is supplied to an authentication station 22, if necessary, and the delivery key K_(d) is supplied to the user home network 5 via a user management section 18. In addition, a public key and a secret key of the electronic distribution center 1 as well as a public key and a secret key peculiar to equipment maintained by the user are all generated and managed, and the public keys are transmitted to the authentication station 22 to be utilized for preparing a public key certificate. Further, in some cases, a save key K_(save) corresponding to an ID for each apparatus peculiar to an encryption processing section 92 to be described later is generated and maintained.

An example of periodic transmission of a key from the electronic distribution service center 1 to the content provider 2 and a home server 51 (to be described later) forming the user home network 5 will be described with reference to FIGS. 3 through 6. FIG. 3 shows the delivery key K_(d) and the individual key K_(i) held by the electronic distribution service center 1, the individual key K_(i) held by the content provider 2, and the delivery key K_(d) held by the home server 51 in January 2000, when the content provider starts provision of contents and the home server 51 forming the user home network 5 starts utilization of the contents. Further, although further description is omitted, the content provider 2 also maintains the individual key K_(i) encrypted by the delivery key K_(d) corresponding to the individual key K_(i).

In the example of FIG. 3, the delivery key K_(d) and the individual key K_(i) are usable from the first day of a calendar month until the last day of the month. For example, the delivery key K_(d) being a version 1 having a value of “aaaaaaaa” that is a random number of a predetermined number of bits, and the individual key K_(i) being a version 1 having a value of “zzzzzzzz” are usable from Jan. 1, 2000 until Jan. 31, 2000 (i.e., the content key K_(co) for encrypting contents that the service provider 3 delivers to the user home network 5 in a period from Jan. 1, 2000 until Jan. 31, 2000 is encrypted by the individual key K_(i) being the version 1, and the individual key K_(i) being the version 1 is encrypted by the delivery key K_(d) being the version 1). The delivery key K_(d) being a version 2 having a value of “bbbbbbbb” that is a random number of a predetermined number of bits and the individual key K_(i) being a version 2 having a value of “yyyyyyyy” are usable from Feb. 1, 2000 until Feb. 29, 2000 (i.e., the content key K_(co) for encrypting contents that the service provider 3 delivers to the user home network 5 during the period is encrypted by the individual key K_(i) being the version 2, and the individual key K_(i) being the version 2 is encrypted by the delivery key K_(d) being the version 2). Similarly, the delivery key K_(d) and the individual key K_(i) being a version 3 are usable in March 2000, the delivery key K_(d) and the individual key K_(i) being a version 4 are usable in April 2000, the delivery key K_(d) and the individual key K_(i) being a version 5 are usable in May 2000, and the delivery key K_(d) and the individual key K_(i) being a version 6 are usable in June 2000.

Prior to the content provider 2 starting to provide contents, the electronic delivery service center 1 transmits six individual keys K_(i) of the versions 1 through 6 that are usable from January until June 2000 and the individual keys each encrypted by the delivery key K_(d) of the identical versions to the content provider 2, and the content provider 2 receives and stores the six individual keys K_(i) and the individual keys K_(i) encrypted by the delivery keys K_(d). The contents provider 2 stores the individual keys K_(i) for six months and the individual keys K_(i) encrypted by the delivery keys K_(d) because a predetermined period is needed for the content provider 2 to prepare for encryption and the like of the contents and the content key K_(co) before providing the contents.

In addition, prior to the home server 51 starting to utilize the contents, the electronic distribution service center 1 transmits three delivery keys K_(d) being the versions 1 through 3 that are usable from January until March 2000 to the home server 51, and the home server 51 receives and stores the three delivery keys K_(d). The home server 51 stores the delivery keys K_(d) for three months in order to avoid such a situation in which contents cannot be purchased despite a contract term during which the contents can be purchased due to such a trouble that the home server 51 cannot connect to the electronic distribution service center 1 arising out of congestion of lines or the like, and in order to reduce load of the electronic distribution service center 1 by decreasing the frequency of connection to the electronic distribution service center 1 and controlling simultaneous accesses of respective apparatuses to the electronic distribution service center 1.

During the period from Jan. 1, 2000 until Jan. 31, 2000, the delivery key K_(d) and the individual key K_(i) being the version 1 are utilized in the electronic distribution service center 1, the content provider 2, and the home server 51 forming the user home network 5.

Transmission of the delivery key K_(d) and the individual key K_(i) of the electronic distribution service center 1 to the content provider 2 and the home server 51 on Feb. 1, 2000 will be described with reference to FIG. 4. The electronic distribution service center 1 transmits six individual keys K_(i) of the versions 2 through 7 that are usable from February 2000 until July 2000 and the individual keys each encrypted by the delivery keys K_(d) of the identical versions to the content provider 2, and the content provider 2 receives the six individual keys K_(i) and the individual keys K_(i) encrypted by the delivery keys K_(d), overwrites the individual keys K_(i) and the individual keys K_(i) encrypted by the delivery keys K_(d) that are stored before the receipt with the received keys, and stores the new individual keys K_(i) and the individual keys K_(i) encrypted by the delivery keys K_(d). The electronic distribution service center 1 transmits three delivery keys K_(d) being the versions 2 through 4 that are usable from February 2000 until April 2000 to the home server 51, and the home server 51 receives the three delivery keys K_(d), overwrites the delivery keys K_(d) that are stored before the receipt with the received keys, and stores the new delivery keys K_(d). The electronic distribution service center 1 stores the delivery keys K_(d) being the versions 1 through 7 and the individual keys K_(i) as they are. This is for the purpose of making the delivery keys K_(d) utilized in the past available when an unexpected trouble occurs, or an illegality occurs or is found.

During the period from Feb. 1, 2000 until Feb. 29, 2000, the delivery key K_(d) and the individual key K_(i) being the version 2 are utilized in the electronic distribution service center 1, the content provider 2, and the home server 51 forming the user home network 5.

Transmission of the delivery key K_(d) and the individual key K_(i) of the electronic distribution service center 1 to the content provider 2 and the home server 51 on Mar. 1, 2000 will be described with reference to FIG. 5. The electronic distribution service center 1 transmits six individual keys K_(i) of the versions 3 through 8 that are usable from March 2000 until August 2000 and the individual keys each encrypted by the delivery keys K_(d) of the identical versions to the content provider 2, and the content provider 2 receives the six individual keys K_(i) and the individual keys K_(i) encrypted by the delivery keys K_(d), overwrites the individual keys K_(i) and the individual keys K_(i) encrypted by the delivery keys K_(d) that are stored before the receipt with the received keys, and stores the new individual keys K_(i) and the individual keys K_(i) encrypted by the delivery keys K_(d). The electronic distribution service center 1 transmits three delivery keys K_(d) being the versions 3 through 5 that are usable from March 2000 until May 2000 to the home server 51, and the home server 51 receives the three delivery keys K_(d), overwrites the delivery keys K_(d) that are stored before the receipt with the received keys, and stores the new delivery keys K_(d). The electronic distribution service center 1 stores the delivery keys K_(d) being the versions 1 through 8 and the individual keys K_(i) as they are. This is for the purpose of making the delivery keys K_(d) utilized in the past available when an unexpected trouble occurs, or an illegality occurs or is found.

During the period from Mar. 1, 2000 until Mar. 31, 2000, the delivery key K_(d) and the individual key K_(i) being the version 3 are utilized in the electronic distribution service center 1, the content provider 2, and the home server 51 forming the user home network 5.

Transmission of the delivery key K_(d) and the individual key K_(i) of the electronic distribution service center 1 to the content provider 2 and the home server 51 on Apr. 1, 2000 will be described with reference to FIG. 6. The electronic distribution service center 1 transmits six individual keys K_(i) of the versions 4 through 9 that are usable from April 2000 until September 2000 and the individual keys each encrypted by the delivery keys K_(d) of the identical versions to the content provider 2, and the content provider 2 receives the six individual keys K_(i) and the individual keys K_(i) encrypted by the delivery keys K_(d), overwrites the individual keys K_(i) and the individual keys K_(i) encrypted by the delivery keys K_(d) that are stored before the receipt with the received keys, and stores the new individual keys K_(i) and the individual keys K_(i) encrypted by the delivery keys K_(d). The electronic distribution service center 1 transmits three delivery keys K_(d) being the versions 4 through 6 that are usable from April 2000 until June 2000 to the home server 51, and the home server 51 receives the three delivery keys K_(d), overwrites the delivery keys K_(d) that are stored before the receipt with the received keys, and stores the new delivery keys K_(d). The electronic distribution service center 1 stores the delivery keys K_(d) being the versions 1 through 9 and the individual keys K_(i) as they are. This is for the purpose of making the delivery keys K_(d) utilized in the past available when an unexpected trouble occurs, or an illegality occurs or is found.

During the period from Apr. 1, 2000 until Apr. 30, 2000, the delivery key K_(d) and the individual key K_(i) being the version 4 are utilized in the electronic distribution service center 1, the content provider 2, and the home server 51 forming the user home network 5.

In this way, by distributing the delivery keys K_(d) and the individual keys K_(i) of the future months in advance, even if a user does not access the center at all for one or two months, the user can purchase contents for the time being, and can receive the keys by accessing the center in a timely manner.
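The rollover walked through for FIGS. 3 to 6 can be modelled in a few lines. This is an added illustration, not code from the patent: the class and function names are assumptions, the key values are random, and XOR stands in for the common-key cipher (DES on this page) purely so the wrap and unwrap chain runs with the standard library.

```python
import secrets
from datetime import date

PROVIDER_WINDOW = 6  # versions of K_i sent to the content provider at each sync
HOME_WINDOW = 3      # versions of K_d sent to the home server at each sync


def version_for(day, epoch=date(2000, 1, 1)):
    """One key version per calendar month; version 1 is January 2000."""
    return (day.year - epoch.year) * 12 + (day.month - epoch.month) + 1


def xor_wrap(key, data):
    """Placeholder cipher (assumption): XOR, which is its own inverse."""
    return bytes(k ^ d for k, d in zip(key, data))


class ServiceCenter:
    """Keeps every version ever issued, as the page says the center does."""

    def __init__(self):
        self.delivery = {}    # version -> K_d
        self.individual = {}  # version -> K_i

    def _ensure(self, version):
        if version not in self.delivery:
            self.delivery[version] = secrets.token_bytes(8)
            self.individual[version] = secrets.token_bytes(8)

    def keys_for_provider(self, day):
        """Six (K_i, K_i wrapped under K_d) pairs starting at the current month."""
        first = version_for(day)
        out = {}
        for v in range(first, first + PROVIDER_WINDOW):
            self._ensure(v)
            k_i = self.individual[v]
            out[v] = (k_i, xor_wrap(self.delivery[v], k_i))
        return out

    def keys_for_home(self, day):
        """Three delivery keys K_d starting at the current month."""
        first = version_for(day)
        out = {}
        for v in range(first, first + HOME_WINDOW):
            self._ensure(v)
            out[v] = self.delivery[v]
        return out


def package(provider_keys, day, k_co):
    """Content provider side: wrap K_co under this month's K_i."""
    v = version_for(day)
    k_i, wrapped_k_i = provider_keys[v]
    return {"version": v,
            "wrapped_k_co": xor_wrap(k_i, k_co),
            "wrapped_k_i": wrapped_k_i}


def unwrap_content_key(home_keys, container):
    """Home server side: K_d -> K_i -> K_co, or None if that K_d is not held."""
    k_d = home_keys.get(container["version"])
    if k_d is None:
        return None
    k_i = xor_wrap(k_d, container["wrapped_k_i"])
    return xor_wrap(k_i, container["wrapped_k_co"])
```

A home server that last synchronised in January can still open a March container but not an April one, which is the one-or-two-month tolerance the paragraph above describes.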

History data management section 15 (FIG. 2) of the electronic distribution service center 1 maintains and manages charge information that is information indicating results of utilization of the contents collected by the user management section 18, price information (any one or both of information sent from the service provider 3 and information added to the charge information and sent by the user) corresponding to the contents, if necessary, and a handling policy (any one or both of information sent from the content provider 2 and information added to the charge information and sent by the user) corresponding to the contents, if necessary, and outputs data when the service provider management section 11, the content provider management section 12 or the like utilizes the charge information, the utilization history or the like. Further, the price information and the handling policy may not be sent from the service provider 3 or the content provider 2, if necessary data is written in the charge information. Profit distribution section 16 calculates profits of the electronic distribution service center 1, the content provider 2 and the service provider 3 based on the charge information, the price information, if necessary, and the handling policy supplied from the history data management section 15. The information is supplied to receipt and disbursement section 20, and in some cases, profit distribution is performed via the receipt and disbursement section 20, or in other cases, payment distribution is not performed and only the information is transmitted to the service provider management section 11, the content provider management section 12, and the copying right management section 13, the sales itself is paid to the service provider, and the service provider 3 distributes the profit to each beneficiary. Mutual authentication section 17 executes mutual authentication to be described later with predetermined apparatuses in the content provider 2, the service provider 3 and the user home network 5.

The user management section 18 has a user registration database, and when receiving a request for registration from an apparatus of the user home network 5, searches the user registration database, and prepares registration information to the effect that the apparatus is to be registered, is to be refused registration, or the like, depending on the recorded contents. When the user home network 5 is composed of a plurality of apparatuses having a function capable of connecting to the electronic distribution service center 1, the user management section 18 provides for an apparatus to be settled in the registration information, registers a settlement ID, and further provides for a scope of apparatuses forming the user home network, provides for information such as suspension of trade, and transmits the information to a predetermined apparatus (an apparatus that can be settled) of the user home network 5.

An example of the user registration database shown in FIG. 7 illustrates a registration state for each network group established in the user home network 5, and a group ID indicating a group, an ID peculiar to an apparatus forming the home network 5, and information corresponding to the ID such as whether or not connection is possible with the electronic distribution service center 1, whether or not settlement processing is possible, whether or not contents can be purchased, which apparatus performs the settlement processing, which apparatus requests purchase of the contents, whether or not registration is possible, or the like are recorded in each group.

The group ID recorded in the user registration database is allocated to each user home network, and settlement and update of information are performed by this group unit. Therefore, in principle, a representative apparatus in the group collectively performs communication, settlement processing and information update with the electronic distribution service center 1, and other apparatuses in the group do not directly communicate with the electronic distribution service center 1. The ID recorded in the user registration database is the ID allocated to each apparatus separately and is used for identifying an apparatus.

Information on whether or not connection with the electronic distribution service center 1 recorded in the user registration database is possible indicates whether or not it is possible to physically connect with the electronic service center 1, and even an apparatus recorded as capable of connecting, other than an apparatus recorded as capable of performing settlement processing, cannot be connected to the electronic distribution service center 1 in principle. (However, if a representative apparatus in a group does not perform settlement processing operation due to some reason, an apparatus can be temporarily connected to the electronic distribution service center 1 as a proxy.) In addition, an apparatus recorded as not capable of connecting outputs charge information or the like to the electronic distribution service center 1 via an apparatus capable of performing settlement processing of the user home network 5.

Information on whether or not the settlement processing recorded in the user registration database is possible indicates whether or not the apparatus can make a settlement. When the user home network 5 is composed of a plurality of apparatuses that are capable of performing purchase or the like of utilization right of contents, one apparatus that can perform settlement processing among the apparatuses transmits charge information, price information, if necessary, and a handling policy of all the apparatuses registered in the electronic distribution service center 1 of the user home network 5 to the electronic distribution service center 1, and receives the delivery key K_(d) and the registration information from the electronic distribution service center 1 according to the completion of the settlement processing. In this way, processing of the electronic distribution service center 1 is reduced compared with performing processing for each apparatus.

Information on whether or not purchase processing recorded in the user registration database is possible indicates whether or not the apparatus can purchase the utilization right of contents. An apparatus that is incapable of purchasing obtains the utilization right of the contents by performing proxy purchase (this means that another apparatus purchases the right and all the right is assigned. No right remains in the supplier side) of the utilization right from another apparatus capable of purchasing, re-distribution (this means a method in which the utilization right of contents already purchased is purchased again with identical contents of the utilization right or different contents of the utilization right and supplied to another apparatus. In this case, no right remains in the supplier side. Main purpose of re-distribution is to make a discount. The privilege of discount is granted on condition that an apparatus belongs to a group that uses an identical settlement ID. This is because processing burden of the electronic distribution service center 1 is reduced in processing within the group using the identical settlement ID, and therefore a discount is granted in return), or management transfer (although a content reproduction right, particularly an indefinite reproduction right can be transferred, which apparatus is a reproduction right receiver is managed in a reproduction right transmitter, and when the reproduction right is not returned, the management transfer cannot be performed at all again, and the reproduction right can only be returned to the reproduction right transmitter that gave the reproduction right).

Here, a utilization method, a utilization right and a purchase method of contents will be briefly described. As a utilization method of contents, there are two methods, namely a method in which a user itself manages and maintains the utilization right of contents, and a method in which a user executes the utilization right held by another apparatus and utilizes the right in the user's own apparatus. As the utilization right of contents, there are an unlimited reproduction right (a right without any limit on a period and the number of times of reproduction of contents; if the contents is music contents, the reproduction is sound reproduction, and if the contents is a game program or the like, the reproduction is execution), a reproduction right with limited number of times (a right in which the number of times contents can be reproduced is limited), an unlimited copying right (a right without any limit on a period and the number of times of copying contents), a copying right with limited number of times (a right with a limit on the number of times of copying contents) (as a copying right, there are a copying right without copy management information, a copying right with copy management information (SCMS), other copying rights for special purpose media, and the like) (in addition, in some cases, there is a copying right with a limit of time), and a management transfer right. As a method of purchasing the utilization right, there are utilization right content change for changing contents of the utilization right already purchased to other contents, re-distribution for separately purchasing the utilization right based on the right already purchased by another apparatus, proxy purchase for having another apparatus purchase the utilization right on behalf of the user's apparatus, album purchase for collectively purchasing and managing a plurality of contents utilization rights, and the like in addition to ordinary purchase for directly purchasing the abovementioned utilization rights.

Information written in a proxy settler recorded in the user registration database indicates an ID of an apparatus which is made to transmit charge information generated when the utilization right of contents is purchased to the electronic distribution service center 1 on behalf of the user's apparatus.

Information written in a proxy purchaser recorded in the user registration database indicates an ID of an apparatus which performs purchase of the utilization right on behalf of an apparatus that is incapable of purchasing the utilization right of contents. However, if all the apparatuses within the group that can perform purchase processing are appointed as proxy purchasers, it is not specifically necessary to make a record.

Information on whether or not a registration recorded in the user registration database is possible is updated based on information on outstanding charge, illegal processing or the like supplied from a settlement organization (e.g., a bank) or a credit card company. In response to a request for registration of an apparatus having an ID that is recorded as registration unavailable, the user management section 18 rejects its registration, and the apparatus whose registration is rejected not only cannot purchase contents of this system but also cannot transmit or receive data between other apparatuses within the user home network 5 thereafter. In addition, in some cases, utilization of purchased contents is also limited. (However, an apparatus may be registered again after it is brought in to the electronic distribution service center 1 or the like and has completed inspection.) In addition, a state such as “settlement unprocessed,” “temporary suspension” or the like may exist in addition to “registration available” and “registration unavailable.”

In addition, the user management section 18 is supplied with charge information, registration information, price information, if necessary, and a handling policy from an apparatus in the user home network 5, and outputs the charge information, price information and the handling policy to the history data management section 15 and supplies the delivery key K_(d) and the registration information to the apparatus in the user home network 5. Timing for supplying will be described later.

Here, the registration information will be described with reference to FIG. 8. In the registration information of FIG. 8, a settlement ID and a signature are added in addition to information in the user registration database, and only information of an identical settlement group is included. The settlement ID indicates an ID of a user within the user information database (e.g., a bank account number and a credit card number) that charge billing section 19 and the receipt and disbursement section 20 use when performing settlement. Generation of a signature will be described later.

Returning to FIG. 2, the charge billing section 19 calculates a charge to a user based on the charge information, the price information, if necessary, and the handling policy supplied from the history data management section 15, and supplies the results to the receipt and disbursement section 20. In addition, the charge billing section 19 supplies settlement information to the user via the user management section 18, if necessary. The receipt and disbursement section 20 communicates with an external bank or the like (not shown) based on the amounts of disbursements and utilization fees to be collected to and from the user, the content provider 2 and the service provider 3, and executes settlement processing. Further, in some cases, the receipt and disbursement section 20 sends all the sales to the service provider 3, and the service provider 3 distributes profits based on distribution money information transmitted via the profit distribution section 16. An audit section 21 audits justification of the charge information, the price information and the handling policy supplied from the apparatus in the user home network 5 in view of the handling policy supplied from the content provider 2 and the price information supplied from the service provider 3.

In addition, as the processing of the audit section 21, there are processing for auditing matching of an amount inputted from the user home network 5 and a total amount of distributed profits or an amount sent to the service provider 3, and processing for auditing whether or not, for example, a content provider ID and a service provider ID that could not exist or a share, a price or the like that are improbable exist in data within the charge information supplied from the apparatus in the user home network 5.

The authentication station 22 generates a certificate of the public key supplied from the key server 14, supplies the certificate to the content provider 2 and the service provider 3, and also generates a public key certificate to be stored in a mass storage section 68 (to be described later) of the home server 51 and in a small storage section 75 (to be described later) of a fixed apparatus 52 when a user apparatus is manufactured. If the content provider 2 does not perform authoring of contents, as an alternative method, there are a content server 23 for holding the contents and a content authoring 24.

FIG. 9 is a block diagram showing a configuration of functions of the content provider 2. The content server 31 stores contents to be supplied to a user, and supplies the contents to an electronic watermark adding section 32. The electronic watermark adding section 32 inserts a content provider ID in the contents supplied from the content server 31 in the form of an electronic watermark indicating the contents are properties of the user, and supplies the contents to a compression section 33. The compression section 33 compresses the contents supplied from the electronic watermark adding section 32 by the method of ATRAC (Adaptive Transform Acoustic Coding) (trademark) or the like, and supplies the contents to a content encryption section 34 that is content encryption means. Incidentally, a method such as MP3, AAC or the like can be used as a compression method instead of ATRAC. The content encryption section 34 encrypts the contents compressed by the compression section 33 by a common key encryption method such as DES (Data Encryption Standard) using a key supplied from a content key generation section 35 (the key is hereinafter referred to as a content key K_(co)), and outputs the results to a signature generation section 38 that is transmission means.

The content key generation section 35 generates random numbers of a predetermined number of bits to be the content key K_(co), removes from the random numbers bit rows inappropriate for encryption, called weak keys (e.g., K_(co)=1E1E1E1E0E0E0E0E, 1EE01EE00EF00EF0 or the like), and supplies the remaining random numbers to the content encryption section 34 and the content key encryption section 36. When an encryption algorithm without such an inappropriate bit row is used, processing for removing an inappropriate bit row is unnecessary. The content key encryption section 36 encrypts the content key K_(co) by a common key encryption method such as DES using the individual key K_(i) supplied from the electronic distribution service center 1, and outputs the results to the signature generation section 38. Incidentally, the encryption method is not limited to DES, and a public key encryption method such as RSA (Rivest, Shamir, Adleman) may be used.
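A sketch of the weak-key filter described above, added here as an illustration and not taken from the patent. The function names are assumptions; the comparison set is the usual published list of four weak and twelve semi-weak DES keys, written with odd parity in every byte. The page's sample value 1E1E1E1E0E0E0E0E differs from the listed 1F1F1F1F0E0E0E0E only in parity bits, which DES ignores, so the filter normalises parity before comparing.

```python
import secrets

# Published DES weak keys (odd parity in each byte).
WEAK = {
    "0101010101010101", "FEFEFEFEFEFEFEFE",
    "E0E0E0E0F1F1F1F1", "1F1F1F1F0E0E0E0E",
}
# Published DES semi-weak keys, six pairs (odd parity in each byte).
SEMI_WEAK = {
    "011F011F010E010E", "1F011F010E010E01",
    "01E001E001F101F1", "E001E001F101F101",
    "01FE01FE01FE01FE", "FE01FE01FE01FE01",
    "1FE01FE00EF10EF1", "E01FE01FF10EF10E",
    "1FFE1FFE0EFE0EFE", "FE1FFE1FFE0EFE0E",
    "E0FEE0FEF1FEF1FE", "FEE0FEE0FEF1FEF1",
}


def set_odd_parity(key):
    """Rewrite the low bit of each byte so every byte has odd parity.

    DES uses only the top 7 bits of each key byte, so two keys that
    differ only in the low bits are the same key to the cipher.
    """
    out = bytearray()
    for b in key:
        top = b & 0xFE
        ones = bin(top).count("1")
        out.append(top | (0 if ones % 2 else 1))
    return bytes(out)


def classify(key):
    """Return 'weak', 'semi-weak' or None for an 8-byte DES key."""
    if len(key) != 8:
        raise ValueError("DES keys are 8 bytes (56 key bits + 8 parity bits)")
    canonical = set_odd_parity(key).hex().upper()
    if canonical in WEAK:
        return "weak"
    if canonical in SEMI_WEAK:
        return "semi-weak"
    return None


def generate_content_key(source=secrets.token_bytes):
    """Draw 8-byte candidates from `source` until one passes the filter."""
    while True:
        candidate = source(8)
        if classify(candidate) is None:
            return candidate
```

Comparing raw bytes against the published list would let 1E1E1E1E0E0E0E0E through, because that spelling never appears in the list.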

DES is the encryption method for processing with 64 bits of plain text as one block using a common key of 56 bits. Processing of DES consists of a part for agitating a plain text to convert it to an encryption text (a data agitation section) and a part for generating a key (enlarged key) to be used in the data agitation section from the common key (a key processing section). Since all the algorithms of DES are made public, only basic processing of the data agitation section will be briefly described.

First, the 64 bits of plain text are divided into H0 of the upper 32 bits and L0 of the lower 32 bits. The output of an F function, which agitates L0 of the lower 32 bits, is calculated with the enlarged key K1 of 48 bits supplied from the key processing section and L0 of the lower 32 bits as inputs. The F function consists of two types of basic conversions: “letter replacement” for replacing a numeral value according to a predetermined rule and “permutation” for changing a bit position according to a predetermined rule. Then, H0 of the upper 32 bits and the output of the F function are exclusively logically summed (XORed), and the result is designated as L1. L0 is designated as H1.

Based on H0 of the upper 32 bits and L0 of the lower 32 bits, the above-mentioned processing is repeated sixteen times, and the resulting H16 of the upper 32 bits and L16 of the lower 32 bits are outputted as an encrypted text. Decryption is realized by tracing the above-mentioned procedures conversely using the common key used for encryption.

Further, although DES is shown as a common key encryption in this embodiment, either FEAL (Fast Encryption Algorithm), IDEA (International Data Encryption Algorithm), or E2 proposed by NTT (trademark) or AES (Advanced Encryption Standard) that is the next encryption standard of the United States may be used.

A handling policy generation section 37 generates a handling policy of contents and outputs the handling policy to the signature generation section 38 corresponding to contents to be encrypted. Further, in some cases, the handling policy generation section 37 supplies the generated handling policy to the electronic distribution service center 1 via communicating means (not shown), and the data is maintained and managed. The signature generation section 38 adds an electronic signature to the encrypted content key K_(co), the encrypted individual key K_(i) and the handling policy, and transmits them to the service provider 3 together with a certificate C_(cp) of the content provider 2. (The encrypted contents, the encrypted content key K_(co), the encrypted individual key K_(i) and the handling policy to each of which the electronic signature is added using a secret key of the content provider 3 are hereinafter referred to as a content provider secure container.) Further, one signature may be added to entire data instead of adding a signature separately to respective data.

A mutual authentication section 39 mutually authenticates with the electronic distribution service center 1, and mutually authenticates with the service provider 3 prior to transmitting the content provider secure container to the service provider 3, if necessary. Since a memory 40A holds the individual key K_(i) that the content provider 2 must hold secretly, a tamper resistant memory that is not easily read by a third party is desired, but no specific hardware limitation is necessary. (For example, the memory may be a hard disk existing in a room to which entry is managed, a hard disk of a personal computer that is managed by a password, or the like.) In addition, since a memory 40B only stores the individual key K_(i) that is encrypted by the delivery key K_(d) and the public key certificate of the content provider 2, the memory may be any ordinary storage device or the like (since it is information made public, there is no need to keep it secret). Further, the memories 40A and 40B may be united.

The signature, which is attached to data or a certificate to be described later, is data for checking tamper and authenticating a person preparing the certificate, and is prepared by finding a hash value by a hash function based on data that is desired to be transmitted and using a secret key of a public key encryption.

The hash function and the signature will be described. The hash function is a function for obtaining predetermined data that is desired to be transmitted, compressing the data into data with a predetermined bit length, and outputting the data as a hash value. The hash function has the characteristics that it is difficult to estimate an input from the hash value (output), that when one bit of the data inputted in the hash function changes, many bits of the hash value change, and that it is difficult to find out input data having the identical hash value. As the hash function, MD (Message Digest) 4, MD 5, SHA (Secure Hash Algorithm)-1 and the like are used.

The signature generation section 38 of a transmission apparatus (the content provider 2) for transmitting data and a signature, for example, generates a signature using an elliptic curve encryption that is a public key encryption method. The processing will be described with reference to FIG. 10 (EC-DSA (Elliptic Curve Digital Signature Algorithm), IEEE P1363/D3). In step S1, M is a message, p is a characteristic, a and b are coefficients of an elliptic curve (elliptic curve: y²=x³+ax+b), G is a base point on the elliptic curve, r is the order of G, and K_(s) is a secret key (0<K_(s)<r). In step S2, a random number u is generated by the random number generation unit such that 0<u<r. In step S3, coordinates where the base point is multiplied by u are calculated. Further, an addition on the elliptic curve and a doubling are defined as follows:

When P=(X₀,Y₀), Q=(X₁,Y₁), R=(X₂,Y₂)=P+Q, and P≠Q,

X₂ = λ² − X₀ − X₁

Y₂ = λ(X₀ − X₂) − Y₀

λ = (Y₁ − Y₀)/(X₁ − X₀)

When P=Q,

X₂ = λ² − 2X₀

Y₂ = λ(X₀ − X₂) − Y₀

λ = (3X₀² + a)/(2Y₀)

and u times the point G is calculated using the above equations (the most understandable, though slow, operation method is as follows: calculate G, 2G, 4G . . . , expand u as a binary number, and add the corresponding (2^(i))×G wherever there is a 1 (i is a bit position when counted from the LSB of u)). In step S4, c=X_(v) mod r is calculated. In step S5, it is determined if the value is 0, and if it is not 0, the processing proceeds to step S6, where the hash value of the message M is calculated as f=SHA-1(M). Then, in step S7, d=[(f+cK_(s))/u] mod r is calculated, and in step S8, it is determined if d is 0. If d is not 0, c and d will be the signature data. Assuming that r has a length of 160 bits, the signature data has a length of 320 bits.

In step S5, if c is 0, the processing returns to step S2 and a new random number is generated. If d is 0 in step S8, the processing also returns to step S2 and another random number is generated.

A receiving apparatus (the user home network 5) having received the signature and the data, for example, verifies the signature using the elliptic curve encryption that is a public key encryption method. The processing will be described with reference to FIG. 11. In step S10, M is a message, p is a characteristic, a and b are coefficients of the elliptic curve (elliptic curve: y²=x³+ax+b), G is a base point on the elliptic curve, r is the order of G, and G and K_(s)G are public keys (0<K_(s)<r). In step S11, it is inspected if the signature data c and d satisfy 0<c<r and 0<d<r. If the signature data satisfy this, in step S12, the hash value of the message M is calculated as f=SHA-1(M). Then, in step S13, h=1/d mod r is calculated, and in step S14, h₁=fh mod r and h₂=ch mod r are calculated. In step S15, P=(X_(p),Y_(p))=h₁G+h₂K_(s)G is calculated using the already calculated h₁ and h₂. Since a verifier of the signature knows the public keys G and K_(s)G, the calculation can be made as in step S3. Then, in step S16, it is determined if P is the point at infinity, and if it is not the point at infinity, the processing proceeds to step S17 (in fact, the determination of the point at infinity is completed in step S15. That is, when an addition of P=(X,Y), Q=(X,−Y) is performed, it has been found that the aforementioned λ cannot be calculated, and R is the point at infinity). In step S17, X_(p) mod r is calculated, and the result is compared with the signature data c. If both the values match, the processing proceeds to step S18, and it is determined that the signature is correct.

If the signature is determined to be correct, it is seen that the received data is not tampered, and is the data transmitted from the transmission apparatus holding the secret key corresponding to the public key.

In step S11, if the signature data c and d do not satisfy 0<c<r and 0<d<r, the processing proceeds to step S19. In addition, in step S16, if P is the point at infinity, the processing also proceeds to step S19. Moreover, in step S17, if the value of X_(p) mod r does not match the signature data c, the processing also proceeds to step S19. In step S19, it is determined that the signature is not correct.

If it is determined that the signature is not correct, it is seen that the received data has been tampered with or is not data transmitted from the transmission apparatus holding the secret key corresponding to the public key.

Further, although SHA-1 is used as the hash function in this embodiment, any function such as MD4, MD5 and the like may be used. In addition, generation and verification of a signature may be performed using RSA encryption (ANSI X9.31-1).

Encryption and decryption of the public key encryption method will now be described. In contrast to the common key encryption method, which uses an identical key (common key) in encryption and decryption, the public key encryption method uses different keys for encryption and decryption respectively. If the public key encryption method is used, even if one key is made public, the other key can be kept secret. The key that may be made public is called a public key, and the other key that should be kept secret is called a secret key.

The elliptic curve encryption method, which is representative of the public key encryption method, will be described. In FIG. 12, in step S20, M_(x) and M_(y) are messages, p is a characteristic, a and b are coefficients of an elliptic curve (elliptic curve: y²=x³+ax+b), G is a base point on the elliptic curve, r is the order of G, and G and K_(s)G are public keys (0<K_(s)<r). In step S21, a random number u is generated such that 0<u<r. In step S22, coordinates V that are u times the public key K_(s)G are calculated. Further, since scalar multiplication on the elliptic curve is identical with the method described in the signature generation, description is omitted here. In step S23, the X coordinate of V is multiplied by M_(x) and the remainder modulo p is found, which is X₀. In step S24, the Y coordinate of V is multiplied by M_(y) and the remainder modulo p is found, which is Y₀. Further, if the length of the message is smaller than the number of bits of p, M_(y) uses a random number, and M_(y) is cancelled in the decryption section. In step S25, uG is calculated, and in step S26, a cryptogram uG, (X₀,Y₀) is found.

Decryption of the public key encryption method will now be described with reference to FIG. 13. In step S30, uG, (X₀,Y₀) is cryptogram data, p is a characteristic, a and b are coefficients of an elliptic curve (elliptic curve: y²=x³+ax+b), G is a base point on the elliptic curve, r is the order of G, and K_(s) is a secret key (0<K_(s)<r). In step S31, the encryption data uG is multiplied by the secret key K_(s). In step S32, the X coordinate of (X₀,Y₀) among the encryption data is taken out, and X₁=X₀/X_(v) mod p is calculated. In step S33, Y₁=Y₀/Y_(v) mod p is calculated. Then, in step S34, X₁ is taken as M_(x) and Y₁ as M_(y) to take out the message. If M_(y) is not part of the message, Y₁ is cancelled.

In this way, in the public key encryption method, with the secret key being K_(s) and the public keys being G, K_(s)G, a key to be used for encryption and a key to be used for decryption may be different keys.
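The verification flow of FIG. 11 (steps S11 to S19) and the encryption and decryption of FIGS. 12 and 13 (steps S21 to S34) share the same curve arithmetic, so they are shown together here as an added example that is not part of the patent text. The curve parameters (secp256k1), the function names, the `sign` helper used to produce a test signature, and the checks that a supplied point lies on the curve are assumptions of this example.

```python
import hashlib
import secrets

# Domain parameters of steps S10/S20/S30. ASSUMPTION: the page names no curve,
# so secp256k1 (y^2 = x^3 + 7 over F_p) stands in for p, a, b, G and r.
P = 2**256 - 2**32 - 977
A, B = 0, 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
R = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
INF = None  # the point at infinity

def on_curve(pt):
    """True if pt satisfies y^2 = x^3 + ax + b (mod p) or is the point at infinity."""
    if pt is INF:
        return True
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - (x * x * x + A * x + B)) % P == 0

def add(p1, p2):
    """Point addition; returns INF exactly when lambda cannot be calculated."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF  # (X, Y) + (X, -Y): the case noted under step S16
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    """Scalar multiplication by double-and-add (teaching code, not constant time)."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def sha1_int(msg):
    return int.from_bytes(hashlib.sha1(msg).digest(), "big")

def sign(msg, ks, u=None):
    """Test-signature helper: standard ECDSA signing, assumed to match FIG. 10."""
    while True:
        k = u or secrets.randbelow(R - 1) + 1
        c = mul(k, G)[0] % R
        d = (sha1_int(msg) + c * ks) * pow(k, -1, R) % R
        if c and d:
            return c, d
        u = None  # degenerate value: retry with a fresh random number

def verify(msg, sig, pub):
    """Steps S11 to S19; any failed check means 'signature not correct'."""
    c, d = sig
    if pub is INF or not on_curve(pub):        # added check on the public key
        return False
    if not (0 < c < R and 0 < d < R):          # S11
        return False
    f = sha1_int(msg)                          # S12
    h = pow(d, -1, R)                          # S13
    h1, h2 = f * h % R, c * h % R              # S14
    pt = add(mul(h1, G), mul(h2, pub))         # S15
    if pt is INF:                              # S16
        return False
    return pt[0] % R == c                      # S17 -> S18 or S19

def encrypt(mx, my, pub, u=None):
    """Steps S21 to S26: returns the cryptogram (uG, (X0, Y0))."""
    if not (0 < mx < P and 0 < my < P):
        raise ValueError("message halves must lie in 1..p-1")
    u = u or secrets.randbelow(R - 1) + 1      # S21
    xv, yv = mul(u, pub)                       # S22: V = u * KsG
    if xv == 0 or yv == 0:
        raise ValueError("unusable V; choose another u")
    return mul(u, G), (xv * mx % P, yv * my % P)   # S23 to S26

def decrypt(ug, x0y0, ks):
    """Steps S31 to S34: recompute V = Ks * uG and divide it out."""
    if ug is INF or not on_curve(ug):          # added check on the received point
        raise ValueError("uG is not a point on the curve")
    xv, yv = mul(ks, ug)                       # S31
    x0, y0 = x0y0
    return x0 * pow(xv, -1, P) % P, y0 * pow(yv, -1, P) % P   # S32, S33
```

Because each coordinate of V masks one message half by plain multiplication, a fresh u is needed for every cryptogram; reusing u with the same public key lets one known message half reveal the corresponding half of any other message.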

In addition, as another example of the public key encryption method, the RSA encryption (Rivest, Shamir, Adleman) is known.

FIG. 14 is a block diagram showing a configuration of the service provider 3. A content server 41 stores the public key certificate and the encrypted contents of the content provider 2 that are supplied from the content provider 2. The signature on the public key certificate of the content provider 2 is verified with the public key of the authentication station 22 in a certificate inspection section 42, and if the verification is successful, the public key of the content provider 2 is supplied to the signature verification section 43. In the signature verification section 43, the signature of the content provider 2 with respect to the handling policy stored in the content server 41 is verified using the previously verified public key of the content provider 2, and if the verification is successful, the handling policy is supplied to a pricing section 44. In the pricing section 44, price information is prepared from the handling policy and supplied to a signature generation section 45. In the signature generation section 45, a signature with respect to the price information is generated using the secret key of the service provider 3 held in a tamper resistant memory (not shown) (as in 40A of the content provider 2) (the content provider secure container and the price information with an electronic signature added using the secret key of the service provider 3 are hereinafter referred to as a service provider secure container). Further, one signature may be generated for the entire content provider secure container and price information instead of adding a signature to the price information. Then, the service provider secure container, the public key certificate of the content provider 2 and the public key certificate of the service provider 3 are supplied to the user home network 5 via the network 4 (FIG. 1). A mutual authentication section 46 mutually authenticates with the electronic distribution service center, and if possible, mutually authenticates with the user home network 5 via the content provide, the Internet, cable communication or the like, if necessary.

FIG. 15 is a block diagram showing a configuration of the user home network 5. A home server 51 receives a secure container containing contents from the service provider 3 via the network 4, purchases the utilization right of the contents, and performs decryption, extension, reproduction and copying of the contents by executing the right.

The communication section 61 communicates with the service provider 3 or the electronic distribution service center 1 via the network 4, and receives or transmits predetermined information. An upper controller 62 receives a signal from inputting means 63, displays a predetermined message or the like on displaying means 64, performs utilization right purchase processing or the like by utilizing an encryption processing section 65, supplies encrypted contents read out from mass storage section 68 to an extension section 66, and stores the encrypted contents in the mass storage section 68. The inputting means 63 transmits a signal from a remote controller or input data from an input button to the upper controller 62. The displaying means 64 is composed of a display device such as a liquid crystal display, and sends an instruction to a user and displays information. The inputting means 63 and the displaying means 64 become a touch panel liquid crystal display or the like, if necessary, and may be united as one means. The encryption processing section 65 mutually authenticates with the service provider 3, the electronic distribution service center 1 or encryption processing sections of other apparatuses, purchases the content utilization right, and at the same time, performs encryption/decryption of predetermined data, manages an external memory that holds the content key K_(co) and license conditions information, and further stores the delivery key K_(d), the charge information or the like. The extension section 66 mutually authenticates with the encryption processing section 65 to receive the content key K_(co), decrypts the encrypted contents supplied from the upper controller 62 using the content key K_(co), extends the contents by a predetermined method such as ATRAC, and further inserts a predetermined electronic watermark in the contents. The external memory 67 is composed of a nonvolatile memory such as a flash memory or a nonvolatile memory with a back-up power source, and stores the content key K_(co) decrypted by the save key K_(save) and the license conditions information. The mass storage section 68 is a storage device such as an HDD or an optical disk, which stores the content provider secure container and the service provider secure container (the encrypted contents, the content key K_(co) encrypted by the individual key K_(i), the individual key K_(i) encrypted by the delivery key K_(d), the handling policy, the price information and the signatures on them), the public key certificate, the registration information or the like.

The encryption processing section 65, which mutually authenticates with the electronic distribution service center 1, purchases the content utilization right and, at the same time, generates the charge information, performs decryption/encryption of predetermined data, manages an external memory holding the content key K_(co) and the license conditions information, and further stores the delivery key K_(d), the charge information or the like, is composed of a control section 91, a storage module 92, a registration information inspection module 93, a purchase processing module 94, a mutual authentication module 95, an encryption/decryption module 96, and an external memory control section 97. The encryption processing section 65 is composed of a single chip IC exclusively for encryption processing, has a multi-layered structure, and has characteristics that make it difficult to read out data illegally from outside (tamper resistant feature), in that a memory cell inside is sandwiched by dummy layers such as aluminum layers and the width of voltage or frequency of operation is narrow.

The control section 91 controls each module according to a command from the upper controller 62, and at the same time, returns a result from each module to the upper controller 62. The storage module 92 stores data such as the charge information supplied from the purchase processing module 94 and the delivery key K_(d), and supplies data such as the delivery key K_(d) when other function blocks execute predetermined processing. The registration information inspection module 93 inspects the registration information supplied from the upper controller 62, and determines whether or not to mutually authenticate with other apparatuses in the user home network 5, whether or not to accept the charge information, and whether or not to perform re-distribution or the like of the contents. The purchase processing module 94 generates license conditions information anew from the handling policy and the price information (as well as already held license conditions information, depending on the case) included in the secure container received from the service provider 3 to output to the external memory control section 97 or the control section 91, and generates charge information to output to the storage module 92. The mutual authentication module 95 executes mutual authentication with the electronic distribution service center 1, the encryption processing sections of other apparatuses in the home network 5 and the extension section 66, and generates a temporary key K_(temp) (a session key), if necessary, to supply to the encryption/decryption module 96.

The encryption/decryption module 96 is composed of a decryption unit 111, an encryption unit 112, a random number generation unit 113, a signature generation unit 114, and a signature verification unit 115. The decryption unit 111 decrypts the individual key K_(i) encrypted by the delivery key K_(d), decrypts the content key K_(co) encrypted by the individual key K_(i), and decrypts various kinds of data encrypted by the temporary key K_(temp). The encryption unit 112 encrypts the decrypted content key K_(co) by the save key K_(save) held in the storage module 92 to output to the external memory control section 97 via the control section 91, and encrypts various kinds of data by the temporary key K_(temp). The random number generation unit 113 generates a random number of a predetermined number of figures, and supplies the random number to the mutual authentication module 95 or the signature generation unit 114. The signature generation unit 114 calculates the hash value of the message supplied from the control section 91, and generates signature data using the random number supplied from the random number generation unit 113 to output to the control section 91. The signature verification unit 115 determines whether or not the signature is correct from the message and the signature data supplied from the control section, and outputs the results to the control section 91. Further, the generation/verification method of the signature is the same as the case described above with reference to FIGS. 10 and 11.

The external memory control section 97 reads and writes data by controlling the external memory 67, and performs data verification to find whether the data in the external memory has been tampered with. FIG. 16 is a block diagram illustrating operations of the external memory control section 97. In FIG. 16, N hash values for preventing tampering (Integrity Check Value) are stored in the storage module 92. The external memory 67 is divided into N blocks of data regions, and each data region is made such that M sets of content key K_(co) and the license conditions information can be written. In addition, other regions that can be used freely are also prepared in the external memory 67. The hash value ICV for preventing tampering is a hash value for all the data in the data region of the external memory 67 corresponding to that hash value ICV. Reading procedures and writing procedures of the external memory will be described later using a flowchart.
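The arrangement of FIG. 16, with N integrity check values held inside the tamper-resistant storage module and N data regions of M sets each in the untrusted external memory, can be sketched as follows. This is an added example and not code from the patent: the use of SHA-1 with length-prefixed records, the class and function names, the region sizes and the sample records are all assumptions, and the patent's own read and write flowcharts are described later.

```python
import hashlib
import hmac

N_BLOCKS, M_SETS = 4, 3  # constructed sizes; the page leaves N and M open


class TamperError(Exception):
    """Raised when a data region no longer matches its stored ICV."""


def region_icv(sets):
    """Hash over all data in one region. ASSUMPTION: SHA-1 with length prefixes."""
    h = hashlib.sha1()
    for record in sets:
        h.update(len(record).to_bytes(4, "big"))  # unambiguous record boundaries
        h.update(record)
    return h.digest()


class ExternalMemory:
    """Untrusted flash: anything here can be rewritten from outside the chip."""

    def __init__(self):
        self.regions = [[b""] * M_SETS for _ in range(N_BLOCKS)]


class StorageModule:
    """Inside the tamper-resistant chip: holds the N ICVs, one per data region."""

    def __init__(self, memory):
        self.icv = [region_icv(region) for region in memory.regions]


class ExternalMemoryControl:
    """Checks a region against its ICV on every read and before every write."""

    def __init__(self, memory, storage):
        self.memory, self.storage = memory, storage

    def _check(self, block):
        current = region_icv(self.memory.regions[block])
        if not hmac.compare_digest(current, self.storage.icv[block]):
            raise TamperError(f"region {block} fails its ICV check")

    def read(self, block, index):
        self._check(block)  # verify before trusting the data
        return self.memory.regions[block][index]

    def write(self, block, index, record):
        self._check(block)  # never re-hash a region that was already altered
        self.memory.regions[block][index] = record
        self.storage.icv[block] = region_icv(self.memory.regions[block])


def demo():
    """Old region contents written back from outside are caught by the ICV."""
    mem = ExternalMemory()
    ctl = ExternalMemoryControl(mem, StorageModule(mem))
    ctl.write(0, 0, b"Kco-wrapped|plays_left=3")  # constructed records
    ctl.write(1, 0, b"Kco-wrapped|plays_left=9")
    snapshot = list(mem.regions[0])               # copy of region 0 held outside
    ctl.write(0, 0, b"Kco-wrapped|plays_left=2")  # licence state moves forward
    mem.regions[0] = snapshot                     # stale copy restored
    results = {}
    try:
        ctl.read(0, 0)
        results["rollback_detected"] = False
    except TamperError:
        results["rollback_detected"] = True
    results["other_region"] = ctl.read(1, 0)      # other regions stay readable
    return results
```

Keeping one ICV per region rather than one for the whole memory means a write re-hashes only M sets, and a failed check condemns only that region.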

The extension section 66 (FIG. 15) for decrypting and extending contents and adding a predetermined electronic watermark is composed of a mutual authentication module 101, a key decryption module 102, a decryption module 103, an extension module 104, an electronic watermark addition module 105 and a storage module 106. The mutual authentication module 101 mutually authenticates with the encryption processing section 65, and outputs the temporary key K_(temp) to the key decryption module 102. The key decryption module 102 decrypts by the temporary key K_(temp) the content key K_(co) read out from the external memory 67 and encrypted by the temporary key K_(temp) to output to the decryption module 103. The decryption module 103 decrypts the contents recorded in the mass storage section 68 by the content key K_(co) to output to the extension module 104. The extension module 104 further extends the decrypted contents with a method such as ATRAC to output to the electronic watermark addition module 105. The electronic watermark addition module 105 inserts into the contents, using the electronic watermark technology, the individual ID of the encryption processing section to which the purchase processing has been applied, outputs the contents to other apparatuses or a speaker (not shown), and reproduces music.

Key data required for the mutual authentication with the encryption processing section 65 is stored in the storage module 106. Further, the extension section 66 is desirably provided with the tamper resistant feature.

The external memory 67 stores the license conditions information generated when the right is purchased in the purchase processing module 94 and the content key K_(co) encrypted by the save key K_(save). The mass storage section 68 records the secure container, the public key certificate, the registration information or the like supplied from the service provider 3.

The fixed apparatus 52 for recording the contents supplied from the service provider 3 in an inserted recording medium 80 such as an optical disk and a semiconductor memory and reproducing the recording media is composed of a communication section 71, an upper controller 72, an encryption processing section 73, an extension section 74, a small storage section 75, a record reproduction section 76, inputting means 77, displaying means 78, an external memory 79 and a recording medium 80. Since the communication section 71 has the same function as the communication section 61, its description is omitted. Since the upper controller 72 has the same function as the upper controller 62, its description is omitted. Since the encryption processing section 73 has the same function as the encryption processing section 65, its description is omitted. Since the extension section 74 has the same function as the extension section 66, its description is omitted. Although the small storage section 75 has the same function as the mass storage section 68, contents themselves are not stored and only the public key certificate, the registration information or the like are stored. The record reproduction section 76 has the recording medium 80 such as an optical disk and a semiconductor memory inserted therein, records contents in the recording medium 80 and outputs the read out contents to the extension section. Since the inputting means 77 has the same function as the inputting means 63, its description is omitted. Since the displaying means 78 has the same function as the displaying means 64, its description is omitted. Since the external memory 79 has the same function as the external memory 67, its description is omitted. The recording medium 80 is, for example, an MD (Mini Disk: trademark) or a storage medium exclusively used for electronic distribution (Memory Stick using a semiconductor memory: trademark).

A portable apparatus 53 that is carried by a user to reproduce and enjoy music is composed of a communication section 81, an upper controller 82, an encryption processing section 83, an extension section 84 and an external memory 85. Since the communication section 81 has the same function as the communication section 61, its description is omitted. Since the upper controller 82 has the same function as the upper controller 62, its description is omitted. Since the encryption processing section 83 has the same function as the encryption processing section 65, its description is omitted. Since the extension section 84 has the same function as the extension section 66, its description is omitted. Since the external memory 85 has the same function as the external memory 67, its description is omitted. However, these memories are not limited to a semiconductor memory, and may be any memory such as an HDD and a rewritable optical disk.

FIG. 17 illustrates a configuration of the recording media exclusively for electronic distribution. A recording medium 120 for storing electronically distributed contents is composed of a communication section 121, the encryption processing section 122, and the external memory 123. The communication section 121 performs transmission and reception of data with the record reproduction section 76 of the fixed apparatus 52 (FIG. 15). The encryption processing section 122 mutually authenticates with the fixed apparatus 52, is assigned the content utilization right, performs decryption/encryption of predetermined data, manages the external memory holding the content key K_(co), the license conditions information and the like, and stores the save key K_(save) or the like; since it has a configuration having the same function as the encryption processing section 65, its description is omitted. The external memory 123 stores the content key K_(co) encrypted by the save key K_(save), contents encrypted by the content key K_(co), the license conditions information providing conditions for use of the contents, a handling policy, if necessary, and price information.

The recording medium exclusively for electronic distribution 120 is used differently from the recording medium described for the fixed apparatus 52. While the ordinary recording medium 80 is a substitute for the mass storage section 68, the recording medium exclusively for electronic distribution 120 is not different from a portable apparatus that does not have the extension section. Therefore, although an apparatus such as the fixed apparatus 52 having the extension section 74 is necessary when reproducing contents, the recording medium exclusively for electronic distribution 120 can perform processing similar to that of the home server 51 or the portable apparatus 53 concerning the function for managing the contents or the like. Due to these differences, while contents recorded in the ordinary recording medium 80 cannot be reproduced by an apparatus other than the one that has recorded the same, contents recorded in the recording medium exclusively for electronic distribution 120 can be reproduced by an apparatus other than the one that has recorded the same. That is, since the ordinary recording medium 80 only has contents encrypted by the content key K_(co), the contents cannot be reproduced by an apparatus other than the one that has (has recorded) the content key K_(co). On the other hand, since the recording medium exclusively for electronic distribution 120 retains not only the contents encrypted by the content key K_(co) but also the content key K_(co) encrypted by the save key K_(save) peculiar to the recording medium exclusively for electronic distribution, the contents can be reproduced by other apparatuses.

That is, after performing mutual authentication between the mutual authentication module 128 of the encryption processing section 122 and the mutual authentication module (not shown) of the encryption processing section 73, the recording medium exclusively for electronic distribution 120 decrypts the content key K_(co) by the save key K_(save3), encrypts the content key K_(co) by the shared temporary key K_(temp), and transmits it to the encryption processing section 73 for reproducing.

FIG. 18 is a block diagram illustrating a data recording state in each apparatus. In the home server 51, an individual ID for specifying an apparatus (identical with the one for specifying the encryption processing section), an ID for settlement to be used for charge processing (which can be substituted by the individual ID, if necessary, or may be unnecessary because it is in the registration information), a secret key different for each apparatus, the save key K_(save), the public key of the electronic distribution service center 1 to be used when mutually authenticating with the electronic distribution service center 1 (unnecessary if there is the public key certificate of the electronic distribution service center 1), the public key of the authentication station 22 for verifying the public key certificate, and the common key to be used when mutually authenticating with the extension section 66 are stored in the storage module 92 in the encryption processing section 65. These data are stored in advance when an apparatus is manufactured. On the other hand, the delivery key K_(d) to be periodically distributed from the electronic distribution service center 1, the charge information to be written upon the purchase processing, and the hash value for tamper checking of the content key K_(co) and the license conditions information held in the external memory 67 are data that are stored after an apparatus starts being used, and are also stored in the storage module 92. The individual ID for specifying the extension section and the common key to be used when mutually authenticating with the encryption processing section 65 are stored in the storage module 106 in the extension section 66 in advance when an apparatus is manufactured. Further, since the encryption processing section 65 and the extension section 66 are associated one to one, IDs of each section may be held by respective storage modules (since the mutual authentication is performed by the common key, as a result, communication can only be made between the corresponding encryption processing section and the extension section associated with each other. However, processing may be the mutual authentication of the public key encryption method. In this case, a stored key is not the common key, but the secret key peculiar to the extension section 66).

The content key K_(co) that is encrypted by the save key K_(save) to be used when contents are decrypted, and the license conditions information indicating conditions for utilizing the content key K_(co) are stored in the external memory 67. In addition, the certificate (the public key certificate of an apparatus) of the public key corresponding to the secret key for each apparatus in the storage module 92, the registration information, the content provider secure container (contents encrypted by the content key K_(co) and its signature, the content key K_(co) encrypted by the individual key K_(i) and its signature, the individual key K_(i) encrypted by the delivery key K_(d) and its signature, and the handling policy and its signature), the service provider secure container (the price information and its signature), the public key certificate of the content provider 2, and the public key certificate of the service provider 3 are stored in the mass storage section 68.

The encryption processing section 83 that is identical with the encryption processing section 65 held by the home server 51 and the external memory 85 that is identical with the external memory 67 are provided in the portable apparatus 53 (the one having the identical internal data is omitted, e.g., the extension section). However, data to be stored inside these memories is slightly different as shown in the figure. As the data retained by the storage module in the encryption processing section 83, the individual ID for specifying an apparatus, the secret key that is different for each apparatus, the save key K_(save), the public key of the electronic distribution service center 1 to be used when mutually authenticating with the electronic distribution service center 1 (however, it is not necessary to have the home server 51 to perform all the procedures with the electronic distribution service center 1 on its behalf), the public key of the authentication station 22 for verifying the public key certificate, and the common key to be used when mutually authenticating with the extension section 84 are stored. These data are stored in advance when an apparatus is manufactured. In addition, the hash value for checking tampering of the content key K_(co) and the license conditions information to be retained in the external memory 85, the ID for settlement, if necessary, the delivery key K_(d), and (a part of) the registration information (if the purchase processing is not performed, the ID for settlement and the delivery key K_(d) are not necessary) are data to be stored after starting an apparatus, which are also stored (if the purchase processing is performed, the charge information is stored as well). The certificate of the public key corresponding to the secret key for each apparatus in the encryption processing section 83, the contents encrypted by the content key K_(co) and its signature (in addition, in some cases, the content key K_(co) encrypted by the individual key K_(i) and its signature, if necessary, the individual key K_(i) encrypted by the delivery key K_(d) and its signature, the handling policy and its signature, if necessary, and the price information and its signature are also stored), the content key K_(co) encrypted by the save key K_(save) to be used for decrypting the contents, and the license conditions information indicating conditions for utilizing the contents are stored in the external memory 85. A public key certificate for the content provider 2 and the public key certificate for the service provider 3 are also stored, if necessary.

The recording medium 80 is provided in the fixed apparatus 52 in addition to the configuration of the home server 51. The recording medium 80 may be an ordinary MD or CD-R, or may be a storage medium exclusively for electronic distribution. In the former case, although data to be stored is decrypted contents with a copy prohibit signal added, encrypted contents may naturally be included (the content key K_(co) encrypted by the save key K_(save) may be stored together. Then, only an apparatus that stores the contents can reproduce the contents. This is because the save key K_(save) is different for each apparatus).

In addition, as the storage medium, FIG. 19 is possible. In the storage medium exclusively for electronic distribution 120, the individual ID of the recording medium, the secret key different for each recording medium, the public key certificate corresponding to the secret key (which may be recorded in the external memory 123), the save key K_(save) to be used for encrypting the content key K_(co) (which is generally different for each storage medium), the public key of the electronic distribution service center 1 (which is not required if there is no communication with the center or if the public key certificate of the electronic distribution service center 1 exists in the external memory 123), the public key of the authentication station, the hash value for inspecting tampering of the external memory 123, and (a part of) the registration information are stored in a storage module 125 in the encryption processing section 122. The contents encrypted by the content key K_(co) (and its signature), and the content key K_(co) and the license conditions information encrypted by the save key K_(save) are stored in the external memory 123, and the handling policy (and its signature), the price information (and its signature), the public key certificate of the content provider 2, and the public key certificate of the service provider 3 are also stored, if necessary.

FIGS. 20 and 21 are drawings for illustrating information to be transmitted and received among the electronic distribution service center 1, the content provider 2, the service provider 3, and the user home network 5. The content provider 2 adds the public key certificate (whose details will be described later) of the content provider 2 to the content provider secure container (whose details will be described later) and sends it to the service provider 3. In addition, the content provider 2 transmits the handling policy and its signature, and the certificate of the content provider 2 to the electronic distribution service center 1, if necessary.

The service provider 3 verifies the public key certificate of the content provider 2, obtains the public key of the content provider 2, and verifies the signature of the received content provider secure container (in some cases, verifies only the handling policy). After successfully verifying the signature, the service provider 3 takes out the handling policy from the content provider secure container, generates the price information based on the handling policy, and makes it the service provider secure container by adding the signature to the price information (details will be described later). The content provider secure container, the service provider secure container, the public key certificate of the content provider 2, and the public key certificate of the service provider 3 (whose details will be described later) are transmitted to the user home network 5. In addition, the service provider 3 transmits the price information and its signature, and the public key certificate of the service provider 3 to the electronic distribution service center 1, if necessary.

After verifying the received secure containers, the user home network 5 performs the purchase processing based on the handling policy and the price information included in the secure containers, generates the charge information to store in the storage module in the encryption processing section, generates the license conditions information, decrypts the content key K_(co) and re-encrypts the same by the save key K_(save), and stores the license conditions information and the re-encrypted content key K_(co) in the external memory 67. Then, the user home network 5 decrypts the content key K_(co) by the save key K_(save) in accordance with the license conditions information, and decrypts the contents by the key to utilize them. The charge information is encrypted by the temporary key K_(temp) at a predetermined timing, given a signature, and transmitted to the electronic distribution service center 1 together with the handling policy and the price information, if necessary.

The electronic distribution service center 1 calculates usage fees based on the charge information and the price information, and calculates profits of each of the electronic distribution service center 1, the content provider 2 and the service provider 3. The electronic distribution service center 1 further compares the handling policy received from the content provider 2, the price information and the handling policy, if necessary, received from the service provider 3, and the handling policy and the price information received from the user home network 5, and monitors whether or not illegality such as tampering of the handling policy or illegal addition of prices has occurred in the service provider 3 or the user home network 5.

Moreover, the electronic distribution service center 1 transmits the public key certificate of the content provider to the content provider 2, and transmits the public key certificate of the service provider to the service provider 3. In addition, since the public key certificate prepared according to each apparatus is embedded in each apparatus when the apparatus is shipped from a factory, the electronic distribution service center 1 transfers the data concerning the public key certificate of each apparatus to the factory.

FIG. 22 illustrates the content provider secure container. The content provider secure container 1A includes the contents encrypted by the content key K_(co) and its signature, the content key K_(co) encrypted by the individual key K_(i) and its signature, the individual key K_(i) encrypted by the delivery key K_(d) and its signature, and the handling policy and its signature. The signature is data generated by applying the secret key K_(scp) of the content provider 2 to a hash value generated by applying the hash function to each piece of data. Further, although a signature is generated separately for each of the key data (the content key K_(co) encrypted by the individual key K_(i) and the individual key K_(i) encrypted by the delivery key K_(d)) and added in the case of FIG. 22, each piece of key data (the content key K_(co) encrypted by the individual key K_(i) and the individual key K_(i) encrypted by the delivery key K_(d)) may be consolidated into one, and one signature may be generated for the consolidated data and added. By consolidating the key data to be always used together into one and adding a signature to the consolidated data, one verification of the signature is sufficient.

FIG. 23 illustrates another example of the content provider secure container. The content provider secure container 1B includes the contents encrypted by the content key K_(co) and its signature, the content key K_(co) encrypted by the individual key K_(i) and its signature, and a handling policy and its signature.

FIG. 24 illustrates another example of the content provider secure container. The content provider secure container 1C includes the contents encrypted by the content key K_(co), the content key K_(co) encrypted by the individual key K_(i), the individual key K_(i) encrypted by the delivery key K_(d), a handling policy and signatures. The signature is data generated by applying the secret key K_(scp) of the content provider 2 to a hash value generated by applying a hash function to the contents encrypted by the content key K_(co), the content key K_(co) encrypted by the individual key K_(i), the individual key K_(i) encrypted by the delivery key K_(d), and a handling policy.

FIG. 25 illustrates another example of the content provider secure container. The content provider secure container 1D includes the contents encrypted by the content key K_(co), the content key K_(co) encrypted by the individual key K_(i), a handling policy and signatures. The signature is data generated by applying the secret key K_(scp) of the content provider 2 to a hash value generated by applying a hash function to the contents encrypted by the content key K_(co), the content key K_(co) encrypted by the individual key K_(i), and a handling policy.

FIG. 26 illustrates the public key certificate of the content provider 2. The public key certificate 2A of the content provider 2 includes a version number of the public key certificate, a serial number of the public key certificate to be allocated to the content provider 2 by the authentication station, an algorithm and a parameter used for the signature, a name of the authentication station, an effective period of the public key certificate, a name of the content provider 2, the public key K_(pcp) of the content provider 2, and signatures. The signature is data generated by applying the secret key K_(sca) of the authentication station to a hash value generated by applying a hash function to the version number of the public key certificate, a serial number of the public key certificate to be allocated to the content provider 2 by the authentication station, an algorithm and a parameter used for the signature, a name of the authentication station, an effective period of the public key certificate, a name of the content provider 2, and the public key K_(pcp) of the content provider 2.

FIG. 27 illustrates another example of the public key certificate of the content provider 2. The public key certificate 2B of the content provider 2 includes a version number of the public key certificate, a serial number of the public key certificate to be allocated to the content provider 2 by the authentication station, an algorithm and a parameter used for the signature, a name of the authentication station, an effective period of the public key certificate, a name of the content provider 2, the public key K_(pcp) of the content provider 2, the individual key K_(i) encrypted by the delivery key K_(d), and signatures. The signature is data generated by applying the secret key K_(sca) of the authentication station to a hash value generated by applying a hash function to a version number of the public key certificate, a serial number of the public key certificate to be allocated to the content provider 2 by the authentication station, an algorithm and a parameter used for the signature, a name of the authentication station, an effective period of the public key certificate, a name of the content provider 2, the public key K_(pcp) of the content provider 2, and the individual key K_(i) encrypted by the delivery key K_(d).

FIG. 28 illustrates yet another example of the public key certificate of the content provider 2. The public key certificate 2B of the content provider 2 includes a version number of the public key certificate, a serial number of the public key certificate to be allocated to the content provider 2 by the authentication station, an algorithm and a parameter used for the signature, a name of the authentication station, an effective period of the public key certificate, a name of the content provider 2, the public key K_(pcp) of the content provider 2, a predetermined type of data that is a part of the individual key K_(i) encrypted by the delivery key K_(d), and signatures. The signature is data generated by applying the secret key K_(sca) of the authentication station to a hash value generated by applying a hash function to a version number of the public key certificate, a serial number of the public key certificate to be allocated to the content provider 2 by the authentication station, an algorithm and a parameter used for the signature, a name of the authentication station, an effective period of the public key certificate, a name of the content provider 2, the public key K_(pcp) of the content provider 2, and a predetermined type of data that is a part of the individual key K_(i) encrypted by the delivery key K_(d).

FIG. 29 illustrates the service provider secure container. The service provider secure container 3A is comprised of price information and signatures. The signature is data generated by applying the secret key K_(ssp) of the service provider 3 to a hash value generated by applying a hash function to price information, if necessary.

FIG. 30 illustrates another example of the service provider secure container. The service provider secure container 3B includes the content provider secure container, price information and signatures. The signature is data generated by applying the secret key K_(ssp) of the service provider 3 to a hash value generated by applying a hash function to the content provider secure container and the price information.

FIG. 31 illustrates the public key certificate of the service provider 3. The public key certificate 4A of the service provider 3 includes a version number of the public key certificate, a serial number of the public key certificate to be allocated to the content provider 3 by the authentication station, an algorithm and a parameter used for the signature, a name of the authentication station, an effective period of the public key certificate, a name of the service provider 3, the public key K_(pcp) of the service provider 3, and signatures. The signature is data generated by applying the secret key K_(sca) of the authentication station to a hash value generated by applying a hash function to a version number of the public key certificate, a serial number of the public key certificate to be allocated to the service provider 3 by the authentication station, an algorithm and a parameter used for the signature, a name of the authentication station, an effective period of the public key certificate, a name of the service provider 3, and the public key K_(pcp) of the service provider 3.

FIG. 32 illustrates the public key certificate of the user apparatus. The public key certificate 5A of the user apparatus includes a version number of the public key certificate, a serial number of the public key certificate to be allocated to the user apparatus (more precisely the encryption processing section (an exclusive use ticket)) by the authentication station, an algorithm and a parameter used for the signature, a name of the authentication station, an effective period of the public key certificate, a name of the user apparatus, the public key K_(pu) of the user apparatus, and the signatures. The signature is data generated by applying the secret key K_(sca) of the authentication station to a hash value generated by applying a hash function to the version number of the public key certificate, a serial number of the public key certificate to be allocated to the user apparatus by the authentication station, an algorithm and a parameter used for the signature, a name of the authentication station, an effective period of the public key certificate, a name of the user apparatus, and the public key K_(pu) of the user apparatus.

FIGS. 33 and 34 show a data format of a handling policy that is generated for each single content or album content by the content provider 2 and shows contents of a utilization right purchasable by the user home network 5.

In the data of the handling policy for the single content (FIG. 33), a type of the data, a type of the handling policy, an effective period of the handling policy, an ID of the contents, an ID of the content provider, an ID of the handling policy, a version of the handling policy, a regional code, usable apparatus conditions, usable user conditions, an ID of the service provider, generation management information, the number of rules including the purchasable utilization right indicated by the handling policy, address information indicating the storage position of the rules, the rules stored in the position indicated by the address information, the public key certificate and signatures are stored.

The rule is composed of a rule number given as a serial number for each utilization right, a utilization right content number indicating the utilization right contents, its parameter, a minimum sales price, a profit amount of the content provider, a profit ratio of the content provider, a data size, and transmission information.

In addition, in the data of a handling policy for the album contents (FIG. 34), a type of data, a type of the handling policy, an effective period of the handling policy, an ID of the album, a version of the handling policy, an ID of the contents, an ID of the content provider, an ID of the handling policy, a version of the handling policy, a regional code, usable apparatus conditions, usable user conditions, an ID of the service provider, the number of handling policies of single contents forming the album, address information indicating a storing position of the handling policy of the single content, a data packet of the handling policy of the single content stored in the position indicated by the address information, generation management information, the number of rules including the purchasable utilization right indicated by the handling policy, address information indicating the storage position of the rules, the rules stored in the position indicated by the address information, the public key certificate and signatures are stored.

Further, similar to the rule of the handling policy of the single content, the rule is composed of a rule number given as a serial number for each utilization right, a utilization right content number indicating the utilization right contents, its parameter, a minimum sales price, a profit amount of the content provider, a profit ratio of the content provider, a data size, and transmission information.

In these handling policies, a type of data indicates that the data is the data of a handling policy, and a type of the handling policy indicates which of single or album contents the handling policy is for. The effective period of the handling policy indicates a usage period of the handling policy by a date on which the period expires, or by the number of days from a reference date on which the use started to the date on which the period expires. An ID of the contents and an ID of the album indicate the purchasable single contents or album contents indicated by the handling policy, and an ID of the content provider indicates the ID of the content provider 2 that has provided for the handling policy.

In addition, an ID of the handling policy is for identifying the handling policy, and is used, for example, for identifying the handling policy in the case in which a plurality of handling policies are set for identical contents. A version of the handling policy indicates revision information of a policy that is revised according to a use period. Therefore, the handling policy is managed by the ID of the handling policy and the version of the handling policy.

A regional code indicates, in coded form, a region where a handling policy is usable; the regional code can be assigned either a code indicating a specific region, which limits the regions where the handling policy is usable, or a code that makes the handling policy usable in all regions. Usable apparatus conditions indicate conditions of an apparatus that can utilize the handling policy, and usable user conditions indicate conditions of a user who can utilize the handling policy.

An ID of a service provider indicates an ID of a service provider 3 that utilizes a handling policy; the ID of the service provider is either an ID of a specific service provider 3, which limits the service provider 3 that can use the handling policy, or an ID that makes the handling policy usable for a plurality of (all) the service providers.

Moreover, generation management information indicates a maximum number of times contents can be re-purchased. A signature is affixed to the entirety of a handling policy, ranging from a type of data to a public key certificate and excluding the signature itself. An algorithm and a parameter used in preparing the signature and a key to be used for verification of the signature are included in the public key certificate. In addition, in rules, a utilization right content number is a number added for each utilization right content, and a parameter indicates a parameter of right contents. A minimum sales price indicates a minimum sales price in selling single or album contents according to the utilization right contents, and a profit amount and a profit ratio of a content provider indicate an amount of a profit that a content provider 2 can obtain when the single contents and the album contents are purchased, and a profit ratio to the sales price. A data size indicates data size of transmission information, and the transmission information consists of a point to be added to a user through a purchase of the utilization right set by the content provider 2, mileage information made up of a discount amount of the utilization right according to the point, and various kinds of information set by the content provider 2, if necessary.

Here, in the handling policy of the album contents, a plurality of rules indicate a purchase form of the album. In addition, in a handling policy of a plurality of single contents stored in the handling policy of the album contents, rules stored in the handling policy indicate a purchase form of the single contents in the album such as a form in which respective corresponding single contents can be independently purchased as a single tune out of the album, or a form in which respective corresponding single contents can be purchased as an album tune only (that is, can only be purchased together with other single contents as an album).

Therefore, a handling policy of album contents is defined such that either the album contents or single contents that can be sold as a single tune can be selected for purchase: the album contents are purchased based on the rules of the handling policy of the album contents, and the single contents are purchased as a single tune.

In addition, in a handling policy of album contents, because a signature is added to the entire album contents, tampering or the like can be checked for the handling policy of each single content together with the handling policy of the album contents simply by verifying that one signature, without separately verifying the handling policy of each single content stored in the handling policy; the verification of signatures is thereby simplified.

Incidentally, in a handling policy of single and album contents, presence or absence of a verification of a signature can be stored, if necessary, which indicates whether or not the verification of a signature is executed on the contents. This is because the verification of a signature takes time; if information on presence or absence of the verification of a signature is stored in a handling policy, the verification of the signature of the contents is executed or not executed according to that information.

In addition, in a handling policy of album contents, although it stores a handling policy of a plurality of single contents forming the album, it may not store a handling policy of the plurality of single contents.

Moreover, in a handling policy of single and album contents, since a profit amount and a profit ratio of a content provider can be managed altogether by the electronic distribution service center 1, the handling policy can be formed excluding the profit amount and the profit ratio of the content provider.
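The single-signature check described above for an album handling policy, as an added example that is not part of the patent text: one signature over the whole album policy, nested single-content policies included, so one verification exposes a change in any of them. HMAC-SHA256 stands in for the public-key signature made with K_(scp) because the Python standard library has no asymmetric signing; the field names, the length-prefixed encoding and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed stand-in for the content provider's signing key K_(scp).
# Assumption: HMAC-SHA256 replaces the patent's public-key signature.
DEMO_KEY = b"constructed-demo-key"


def encode(value):
    """Canonical encoding: type tag + 4-byte length + body for every field.

    Length prefixes keep field boundaries unambiguous, so moving bytes from
    one field into its neighbour always changes the hash input.
    """
    if isinstance(value, dict):
        tag = b"D"
        body = b"".join(encode(k) + encode(value[k]) for k in sorted(value))
    elif isinstance(value, list):
        tag = b"L"
        body = b"".join(encode(v) for v in value)
    elif isinstance(value, int):
        tag = b"I"
        body = str(value).encode("ascii")
    elif isinstance(value, str):
        tag = b"S"
        body = value.encode("utf-8")
    else:
        raise TypeError("unsupported field type: " + type(value).__name__)
    return tag + struct.pack(">I", len(body)) + body


def sign(record, key=DEMO_KEY):
    """Hash every field except the record's own signature, then sign the hash."""
    unsigned = {k: v for k, v in record.items() if k != "signature"}
    digest = hashlib.sha256(encode(unsigned)).digest()
    return hmac.new(key, digest, hashlib.sha256).hexdigest()


def verify(record, key=DEMO_KEY):
    """True only if the stored signature matches the record's current fields."""
    stored = record.get("signature")
    return isinstance(stored, str) and hmac.compare_digest(stored, sign(record, key))


def sample_album_policy():
    """Constructed album handling policy holding two single-content policies."""
    singles = []
    for content_id, minimum in (("CONTENT-0001", 200), ("CONTENT-0002", 250)):
        single = {
            "data_type": "handling_policy",
            "policy_type": "single",
            "content_id": content_id,
            "handling_policy_id": "HP-" + content_id,
            "rules": [{"rule_number": 1, "minimum_sales_price": minimum}],
        }
        single["signature"] = sign(single)
        singles.append(single)
    album = {
        "data_type": "handling_policy",
        "policy_type": "album",
        "album_id": "ALBUM-0001",
        "single_policies": singles,
        "rules": [{"rule_number": 1, "minimum_sales_price": 400}],
    }
    # The album signature covers the nested policies and their signatures.
    album["signature"] = sign(album)
    return album


if __name__ == "__main__":
    album = sample_album_policy()
    print("untouched album verifies:", verify(album))
    album["single_policies"][1]["rules"][0]["minimum_sales_price"] = 1
    print("after editing a nested rule:", verify(album))
```
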

FIGS. 37 and 38 illustrate a data format of price information. The price information is generated in a service provider 3 for each handling policy of single contents given by a content provider 2 and for each handling policy of album contents, and indicates a price of the single contents and the album contents.

In the data of the handling policy for the single content (FIG. 37), a type of the data, a type of the price information, an effective period of the price information, an ID of the contents, an ID of the service provider, an ID of the price information, a version of the price information, a regional code, usable apparatus conditions, usable user conditions, an ID of the content provider, an ID of the handling policy to which the price information is added, the number of rules including the purchasable utilization right indicated by the price information, address information indicating the storage position of the rules, the rules stored in the position indicated by the address information, the public key certificate and signatures are stored.

The rule is composed of a rule number given as a serial number for each utilization right, a profit amount of the service provider, a profit ratio of the service provider, a price, a data size, and transmission information.

In addition, in the data of the handling policy for the single content (FIG. 38), a type of the data, a type of the price information, an effective period of the price information, an ID of the album, an ID of the service provider, an ID of the price information, a version of the price information, a regional code, usable apparatus conditions, usable user conditions, an ID of the content provider, an ID of the handling policy to which the price information is added, the number of pieces of price information of single contents forming the album, address information indicating a storage position of the price information of the single contents, a data packet of the price information of the single contents stored in the position indicated by the address information, the number of rules including the purchasable utilization right indicated by the price information, address information indicating the storage position of the rules, the rules stored in the position indicated by the address information, the public key certificate and signatures are stored.

Similar to the rule of the price information for the single contents, the rule is composed of a rule number given as a serial number for each utilization right, a profit amount of the service provider, a profit ratio of the service provider, a price, a data size, and transmission information.

In the above-mentioned price information, a type of data indicates that the data is the data of price information, and a type of the price information indicates which of single or album contents the price information is for. The effective period of the price information indicates a usage period of the price information by a date on which the period expires, or by the number of days from a reference date on which the use started to the date on which the period expires. An ID of the contents and an ID of the album indicate the purchasable single contents or album contents indicated by the price information, and an ID of the service provider indicates the ID of the service provider 3 that has prepared the price information.

In addition, an ID of the price information is for identifying the price information, and is used, for example, for identifying the price information in the case in which a plurality of pieces of price information are set for identical contents. A version of the price information indicates revision information of price information that is revised according to a use period. Therefore, the price information is managed by the ID of the price information and the version of the price information.

A regional code indicates, in coded form, a region where price information is usable; the regional code can be assigned either a code indicating a specific region, which limits the regions where the price information is usable, or a code that makes the price information usable in all regions. Usable apparatus conditions indicate conditions of an apparatus that can utilize the price information, and usable user conditions indicate conditions of a user who can utilize the price information. An ID of a content provider indicates an ID of a content provider 2 that has provided for a handling policy to which the price information is added. An ID of the handling policy is for identifying the handling policy to which the price information is added.

Moreover, a signature is affixed to the entirety of the price information, ranging from a type of data to a public key certificate and excluding the signature itself. An algorithm and a parameter used in preparing the signature and a key to be used for verification of the signature are included in the public key certificate.

In addition, in rules, a rule number uses a rule number of a rule indicated by a corresponding handling policy as it is. A profit amount and a profit ratio of a service provider indicate an amount of profit that a service provider 3 can obtain when single contents and album contents are purchased and a profit ratio to a price, and the price indicates a sales price of the single contents and the album contents that is set by the service provider 3 based on utilization right contents and a corresponding minimum sales price. A data size indicates data size of transmission information, and the transmission information consists of a point to be added to a user through a purchase of the utilization right set by the service provider 3, mileage information made up of a discount amount of the utilization right according to the point, and various kinds of information set by the service provider 3, if necessary.

Here, when generating price information, the service provider 3 can set all the purchasable utilization rights indicated by a corresponding handling policy as purchasable rights indicated by the price information, and can also set utilization rights arbitrarily selected out of all the purchasable utilization rights indicated by the handling policy; thus, the service provider 3 can select among the utilization rights provided for by the content provider 2.

In addition, in price information of album contents, a plurality of rules provide for a sales price corresponding to a purchase form of an album. Further, in price information of a plurality of single contents stored in the price information of the album contents, rules of price information of single contents that can be sold as a single tune provide for a sales price of single contents that can be sold as the single tune.

Therefore, in price information of album contents, the price information is made such that a sales price of an album and a sales price of single contents that can be sold as a single tune can be recognized by one piece of the price information.

In addition, in price information of album contents, because a signature is added to the entire album contents, tampering or the like can be checked for the price information of each single content together with the price information of the album contents simply by verifying that one signature, without separately verifying the signature of the price information of each single content stored in the price information; the verification of signatures is thereby simplified.

Incidentally, in price information of a single and an album, presence or absence of a verification of a signature with respect to contents can be stored, as in the above-mentioned handling policy concerning FIGS. 33 and 34. In addition, in price information of album contents, although it stores price information of a plurality of single contents forming the album, it may not store price information of the plurality of single contents.

Moreover, in price information of single and album contents, since a profit amount and a profit ratio of a service provider can be managed altogether by the electronic distribution service center 1, the price information may be formed excluding the profit amount and the profit ratio of the service provider.
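An added example (not code from the patent) of the consistency checks the description implies between a handling policy and its price information, together with the copy comparison the electronic distribution service center 1 performs: price rules must reuse rule numbers the handling policy offers, a price must not undercut the corresponding minimum sales price, and the copies received from each party must be identical. Field names, record layout, finding messages and sample values are assumptions constructed for illustration.

```python
import hashlib
import json


def digest(record):
    """SHA-256 over a canonical JSON form, used to compare copies of a record."""
    blob = json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(blob).hexdigest()


def check_price_against_policy(policy, price):
    """Findings for one price information record checked against its handling policy."""
    findings = []
    for field in ("content_provider_id", "handling_policy_id"):
        if price[field] != policy[field]:
            findings.append(field + " does not match the handling policy")
    offered = {rule["rule_number"]: rule for rule in policy["rules"]}
    for rule in price["rules"]:
        number = rule["rule_number"]
        base = offered.get(number)
        if base is None:
            # The service provider may pick a subset of rules, never add one.
            findings.append(f"rule {number}: not offered by the handling policy")
        elif rule["price"] < base["minimum_sales_price"]:
            minimum = base["minimum_sales_price"]
            findings.append(f"rule {number}: price {rule['price']} below minimum {minimum}")
    return findings


def audit(cp_policy, sp_policy, user_policy, sp_price, user_price):
    """Compare the copies received from each party, then check price against policy."""
    findings = []
    reference = digest(cp_policy)
    if digest(sp_policy) != reference:
        findings.append("handling policy from service provider differs from content provider copy")
    if digest(user_policy) != reference:
        findings.append("handling policy from user home network differs from content provider copy")
    if digest(user_price) != digest(sp_price):
        findings.append("price information from user home network differs from service provider copy")
    return findings + check_price_against_policy(cp_policy, sp_price)


def sample_policy():
    """Constructed handling policy offering three utilization rights."""
    return {
        "content_provider_id": "CP-0002",
        "handling_policy_id": "HP-0001",
        "version": 1,
        "rules": [
            {"rule_number": 1, "minimum_sales_price": 250},
            {"rule_number": 2, "minimum_sales_price": 400},
            {"rule_number": 3, "minimum_sales_price": 100},
        ],
    }


def sample_price():
    """Constructed price information that sells only rules 1 and 3."""
    return {
        "service_provider_id": "SP-0003",
        "price_information_id": "PI-0001",
        "content_provider_id": "CP-0002",
        "handling_policy_id": "HP-0001",
        "rules": [
            {"rule_number": 1, "price": 300},
            {"rule_number": 3, "price": 150},
        ],
    }


if __name__ == "__main__":
    altered = sample_price()
    altered["rules"][0]["price"] += 100  # constructed change to the user's copy
    for line in audit(sample_policy(), sample_policy(), sample_policy(),
                      sample_price(), altered):
        print(line)
```
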

FIG. 41 illustrates a data format of license conditions information, and the license conditions information is prepared, when a user purchases contents, based on a handling policy of the purchased contents in an apparatus in the user home network 5, and indicates utilization right contents selected by the user among utilization right contents indicated by the handling policy.

In data of license conditions information, a type of data, a type of license conditions information, an effective period of the license conditions information, an ID of contents, an ID of an album, an ID of an encryption processing section, an ID of a user, an ID of a content provider, an ID of a handling policy, a version of the handling policy, an ID of a service provider, an ID of price information, a version of price information, an ID of license conditions information, a rule number attached to a reproduction right (utilization right) as a serial number, a utilization right content number, a remaining number of times of reproduction, an effective period of the reproduction right, a rule number attached to a copying right (utilization right) as a serial number, a utilization right content number, a remaining number of times of copying, generation management information, and an ID of an encryption section having a reproduction right are stored.

In license conditions information, a type of data indicates that the data is data of the license conditions information, and a type of license conditions information indicates whether the license conditions information is license conditions information of single contents or album contents. An effective period of license conditions information indicates a usage period of the license conditions information by a date when the period expires, or by the number of days from a reference date on which use started until the date when the period expires.

An ID indicating purchased single contents is described in an ID of contents, and an ID indicating an album is described in an ID of an album only when the album is purchased. In fact, if contents are purchased as a single, the ID indicating the purchased single contents is described in an ID of the contents, and if contents are purchased as an album, IDs of all the single contents forming the album are described in the ID of contents and an ID indicating the purchased album is described in the ID of an album. Therefore, just looking at the ID of an album, whether purchased contents are a single or an album can be easily determined.

An ID of an encryption processing section indicates an encryption processing section of an apparatus in the user home network 5 that performed purchase processing of contents. When an apparatus in the user home network 5 that purchased contents is shared by a plurality of users, an ID of a user indicates a plurality of users sharing an apparatus.

In addition, an ID of a content provider indicates an ID of a content provider 2 that has provided for a handling policy used for preparing license conditions information, and an ID of a handling policy indicates a handling policy used for preparing the license conditions information. A version of a handling policy indicates revision information of a handling policy used for preparing license conditions information. An ID of a service provider indicates an ID of a service provider 3 that has prepared price information used for preparing license conditions information, and an ID of price information indicates price information used for preparing the license conditions information. A version of price information indicates revision information of a handling policy used for preparing license conditions information. Therefore, a content provider 2 or a service provider 3 that has provided contents purchased by a user can be found by the ID of a content provider, the ID of a handling policy, the version of a handling policy, the ID of a service provider, the ID of price information and the version of price information.

An ID of license conditions information is attached by an encryption processing section of an apparatus in a user home network 5 that has purchased contents, and is used for identifying the license conditions information. A rule number of a reproduction right indicates a serial number attached to a reproduction right among a utilization right, and uses a rule number of a rule indicated by a corresponding handling policy or price information as it is. Utilization right contents indicate contents of a reproduction right to be described later. A remaining number of times of reproduction indicates a remaining number of times of reproduction among a number of times of reproduction set in advance to contents, and an effective period of a reproduction right indicates a corresponding reproduction available period of purchased contents by a date and time when the period expires.

In addition, a rule number of a copying right indicates a serial number attached to a copying right among a utilization right, and uses a rule number of a rule indicated by a corresponding handling policy and price information as it is. Utilization right contents indicate contents of a copying right to be described later. A remaining number of times of copying indicates a remaining number of times of copying among a number of times of copying set in advance to purchased contents.

Moreover, generation management information indicates, when contents are re-purchased, a remaining number of times the contents can be re-purchased. An ID of an encryption processing section having a reproduction right indicates an encryption processing section having a reproduction right at the current time, and when management is shifted, an ID of an encryption processing section having a reproduction right is changed.

Incidentally, in license conditions information, an effective period may be provided for with respect to a copying right, and when the effective period is provided for, a period for purchased contents in which copying is available is indicated by a date and time when the period expires, or the like.

FIG. 42 indicates charge information, and the charge information is generated, when contents are purchased, by an apparatus in the user home network 5 based on a handling policy and price information corresponding to the contents.

In data of charge information, a type of data, an ID of an encryption processing section, an ID of a user, an ID of contents, an ID of a content provider, an ID of a handling policy, a version of a handling policy, an ID of a service provider, an ID of price information, a version of price information, an ID of license conditions information, a rule number, a profit amount and a profit ratio of a content provider 2, a profit amount and a profit ratio of a service provider, generation management information, a data size of transmission information set by a content provider, the transmission information set by the content provider, a data size of transmission information set by a service provider, transmission information set by the service provider, and an ID of a supplier are stored.

In charge information, a type of data indicates that the data is charge information, and an ID of an encryption processing section indicates the encryption processing section of the apparatus that executed purchase processing of contents and generated the charge information. When a plurality of users share an apparatus in a user home network 5 that has purchased the contents, an ID of a user indicates a plurality of users who share the apparatus, and an ID of contents indicates the purchased contents (single contents and album contents).

In addition, an ID of a content provider indicates an ID of a content provider 2 that has provided for a handling policy used for a purchase processing (an ID of a content provider included in the handling policy), and an ID of a handling policy indicates a handling policy used for the purchase processing. A version of a handling policy indicates revision information of a handling policy used for purchase processing. An ID of a service provider indicates an ID of a service provider 3 that has prepared price information used for purchase processing (an ID of a service provider included in the price information), and an ID of price information indicates price information used for the purchase processing. A version of price information indicates revision information of price information used for purchase processing.

An ID of license conditions information indicates an ID of license conditions information that has been prepared upon purchase processing, and a rule number indicates a rule number attached to a purchased utilization right as a serial number. A profit amount and a profit ratio of a content provider indicate an amount of dividend that is distributed to a content provider 2 through purchase of contents and its ratio to sales, and a profit amount and a profit ratio of a service provider indicate an amount of dividend that is distributed to a service provider 3 through purchase of contents and its ratio to sales.

Moreover, generation management information indicates a generation of purchased contents. In addition, a data size indicating a handling policy used for purchase processing and transmission information are stored as they are in a data size of transmission information set by a content provider and the transmission information set by the content provider, and a data size indicating price information used for purchase processing and transmission information are stored as they are in a data size of transmission information set by a service provider and the transmission information set by the service provider. An ID of a supplier indicates an apparatus of a supplier that has applied purchase processing, and the ID is accumulated every time re-purchase of contents is conducted.

Incidentally, in charge information, since a profit amount and a profit ratio of a content provider and a profit amount and a profit ratio of a service provider may be managed altogether by the electronic distribution service center 1, the charge information may be formed excluding the profit amount and the profit ratio of the content provider as shown in FIG. 43.

FIG. 44 shows contents of a purchasable utilization right, and as the utilization right, there are roughly a reproduction right, a copying right, a right content changing right, a re-purchase right, an additional purchase right, and a management transfer right.

The reproduction right includes an unlimited reproduction right that does not have limitations on a period or the number of times of reproduction, a reproduction right with a period limitation that limits a reproduction period, a reproduction right with a cumulating time limitation that limits cumulating time of reproduction, and a reproduction right with a number of times limitation that limits the number of times of reproduction. The copying right includes an unlimited copying right without a period limitation, a number of times limitation and copy management information (e.g., the serial copy management: SCMS), a copying right with a number of times limitation and without copy management information that limits the number of times of copying but does not have copy management information, a copying right with copy management information that does not have a period limitation and a number of times limitation but adds and provides copy management information, and a copying right with a number of times limitation and copy management information that limits the number of times of copying, and adds and provides copy management information. Incidentally, in addition to the above, as a copying right, there are a copying right with a period limitation that limits a copy available period (including the one that adds copy management information and the one that does not add the copy management information), and a copying right with a cumulating time limitation that limits a cumulating time of copying (i.e., a cumulating time required for reproduction of copied contents) (including the one that adds copy management information and the one that does not add the copy management information), and the like.

In addition, the right contents changing right is a right for changing contents of a right already purchased to other contents, and the re-purchase right is a right for separately purchasing a utilization right based on a right purchased by other apparatuses as described above. The additional purchase right is a right for purchasing and adding to independently purchased contents other contents of an album including the contents, and the management transfer right is a right for transferring a purchased right to change an owner.

A specific example of utilization right contents shown in FIG. 33, etc. will now be described. In fact, as shown in FIG. 45A, as data of the unlimited reproduction right, information on an effective period of a reproduction right that indicates an effective period of a reproduction right by a date on which the period expires, or the number of days from a date to be a basis of starting an effective period until a date on which the period expires, or the like is stored in a region of utilization right contents. As shown in FIG. 45B, as data of the reproduction right with a period limitation, information on an effective period of the reproduction right that indicates an effective period of a reproduction right by a date on which the period expires, or the number of days from a date to be a basis of starting an effective period until a date on which the period expires, or the like is stored in a region of utilization right contents.

As shown in FIG. 45C, as data of the reproduction right with a cumulating limitation, information on an effective period of the reproduction right that indicates an effective period of a reproduction right by a date on which the period expires, or the number of days from a date to be a basis of starting an effective period until a date on which the period expires, or the like, and information on the number of days and time indicating a limitation of accumulating time contents can be reproduced are stored in a region of utilization right contents. As shown in FIG. 45D, as data of the reproduction right with a number of times limitation, information on an effective period of the reproduction right that indicates an effective period of a reproduction right by a date on which the period expires, or the number of days from a date to be a basis of starting an effective period until a date on which the period expires, or the like, and information on the number of times of reproduction indicating the number of times contents can be reproduced are stored in a region of utilization right contents.

In addition, as shown in FIG. 45E, as data of the unlimited copying right without copy management information, information on an effective period of the copying right that indicates an effective period of a copying right by a date on which the period expires, or the number of days from a date to be a basis of starting an effective period until a date on which the period expires, or the like is stored in a region of utilization right contents. As shown in FIG. 45F, as data of the copying right with a number of times limitation and without copy management information, information on an effective period of the copying right that indicates an effective period of a copying right by a date on which the period expires, or the number of days from a date to be a basis of starting an effective period until a date on which the period expires, or the like, and information on the number of times of copying that indicates the number of times contents can be copied are stored in a region of utilization right contents.

In addition, as shown in FIG. 45G, as data of the copying right with copy management information, information on an effective period of the copying right that indicates an effective period of a copying right by a date on which the period expires, or the number of days from a date to be a basis of starting an effective period until a date on which the period expires, or the like is stored in a region of utilization right contents. As shown in FIG. 45H, as data of the copying right with a number of times limitation and copy management information, information on an effective period of the copying right that indicates an effective period of a copying right by a date on which the period expires, or the number of days from a date to be a basis of starting an effective period until a date on which the period expires, or the like, and information on the number of times of copying that indicates the number of times contents can be copied are stored in a region of utilization right contents.

Moreover, as shown in FIG. 45I, as data of the right contents changing right, information on an effective period of the right contents changing right that indicates an effective period of a right content changing right by a date on which the period expires, or the number of days from a date to be a basis of starting an effective period until a date on which the period expires, or the like, an old rule number for retrieving utilization right contents before change, and a new rule number for retrieving utilization right contents after change are stored in a region of utilization right contents. Incidentally, as utilization right contents, a plurality of kinds of contents exist for each utilization right content in one reproduction right with period limitation as a plurality of kinds of reproduction right with period limitation exist by setting the period. Therefore, since it is difficult to manage utilization right contents only by a utilization right contents number, in the right contents changing right, utilization right contents are managed by a rule number attached for each of a plurality of contents for each of these utilization right contents.

As shown in FIG. 45J, as data of the repurchase right, information on an effective period of the repurchase right that indicates an effective period of a repurchase right by a date on which the period expires, or the number of days from a date to be a basis of starting an effective period until a date on which the period expires, or the like, an old rule number for retrieving utilization right contents before repurchase, and a new rule number for retrieving utilization right contents after repurchase, and maximum distribution generation information that indicates the maximum number of times contents can be repurchased are stored in a region of utilization right contents.

As shown in FIG. 45K, as data of the additional purchase right, information on an effective period of the additional purchase right that indicates an effective period of an additional purchase right by a date on which the period expires, or the number of days from a date to be a basis of starting an effective period until a date on which the period expires, or the like, and a minimum holding contents number and a maximum holding contents number indicating single contents already purchased among a plurality of single contents forming album contents are stored in a region of utilization right contents.

As shown in FIG. 45L, as data of the management transfer right, information on an effective period of the management transfer right that indicates an effective period of a management transfer right by a date on which the period expires, or the number of days from a date to be a basis of starting an effective period until a date on which the period expires, or the like is stored in a region of utilization right contents.

Incidentally, as such utilization right contents, for example, when data of a game is divided into a plurality of contents, a contents purchase right for purchasing the contents in accordance with a predetermined order may be provided for. Further, as shown in FIG. 45M, as data of the contents purchase right, information on an effective period of the contents purchase right that indicates an effective period of a contents purchase right by a date on which the period expires, or the number of days from a date to be a basis of starting an effective period until a date on which the period expires, or the like, an ID of contents already purchased, an old rule number for retrieving utilization right contents already purchased, and a new rule number for retrieving utilization right contents to be purchased anew are stored in a region of utilization right contents. In this way, a game program having a series of stories is made to be purchased, and contents (game) themselves can be upgraded.

FIG. 46 shows a data format of single contents, and in data of the single contents, a type of data, a type of contents, an effective period of contents, a category of contents, an ID of contents, an ID of a content provider, an encryption method of contents, a data length of encrypted contents, the encrypted contents, a public key certificate and a signature are stored.

In the single contents, the type of data indicates that the data is data of the contents, and the type of contents indicates that the contents are a single. The effective period of contents indicates a distribution period of the contents by a date on which the period expires, the number of days from a date to be a basis when distribution is started until the period expires, or the like. The category of contents indicates whether the contents are music data, program data, video data, or the like, and the ID of contents is for identifying the single contents.

The ID of a content provider indicates an ID of a content provider 2 having the single contents. The encryption method of contents indicates an encryption method used for encryption of the contents (e.g., DES). The signature is attached to the entirety from the type of data to the public key certificate excluding the signature from data of the single contents. An algorithm and a parameter used in preparing the signature as well as a key to be used for verification of the signature are included in the public key certificate.

In addition, FIG. 47 indicates a data format of album contents, and in data of the album contents, a type of data, a type of contents, an effective period of contents, an ID of an album, an ID of a content provider, the number of single contents, address information of single contents, single contents, a public key certificate and a signature are stored.

In the album contents, the type of data indicates that the data is data of the contents, and the type of contents indicates that the contents are an album. The effective period of contents indicates a distribution period of the contents by a date on which the period expires, the number of days from a date to be a basis when distribution is started until the period expires, or the like, and the ID of an album is for identifying the album contents.

The ID of a content provider indicates an ID of a content provider 2 having the album contents. The number of single contents indicates the number of single contents forming an album, the address information indicates a storage position of single contents forming the album, and is a data packet of a plurality of single contents forming the album that are actually stored in a position indicated by the address information. In addition, the signature is attached to the entirety from the type of data to the public key certificate excluding the signature from data of the single contents. An algorithm and a parameter used in preparing the signature as well as a key to be used for verification of the signature are included in the public key certificate.

In addition, in album contents, with the addition of a signature to the entire album contents, tamper or the like can be checked for each single content as well together with the album contents simply by verifying the signature without respectively verifying the single contents stored in the album contents, hence, the verification of a signature can be thereby simplified.

FIG. 48 shows a data format of a key for single contents, and in key data for the single contents, a type of data, a type of key data, an effective period of a key, an ID of contents, an ID of a content provider, a version of a key, an encryption method of a content key K_(co), an encrypted content key K_(co), an encryption method of an individual key K_(i), an encrypted individual key K_(i), a public key certificate and a signature are stored.

In the key data for single contents, the type of data indicates that the data is data of a key, and the type of key data indicates the key data is for single contents. The effective period of a key indicates a usage period of a key (a content key K_(co) and an individual key K_(i)) shown in the key data by a date on which the period expires, the number of days from a date to be a basis when use is started until the period expires, or the like, and the ID of contents indicates single contents to be encrypted by the content key K_(co). The ID of a content provider holds contents and indicates an ID of a content provider 2 that has generated the content key K_(co).

The version of a key indicates revision information of a key (a content key K_(co) and an individual key K_(i)) that has been revised according to a usage period. The encryption method of a content key K_(co) indicates an encryption method (e.g., DES) used for encryption of the content key K_(co) using an individual key K_(i), and the encrypted content key K_(co) indicates a content key K_(co) that has been encrypted using the individual key K_(i) by the encryption method. The encryption method of an individual key K_(i) indicates an encryption method (e.g., Triple-DES-CBC) for encrypting an individual key K_(i) using a delivery key K_(d), and the encrypted individual key K_(i) indicates an individual key K_(i) that has been encrypted using a delivery key K_(d) by the encryption method. The signature is attached to the entirety from the type of data to the public key certificate excluding the signature from data of the single contents. An algorithm and a parameter used in preparing the signature as well as a key to be used for verification of the signature are included in the public key certificate.

Here, the delivery key K_(d) and the individual key K_(i) are delivered from a content provider 2, always united by key data for single contents. Then, in the key data for single contents, one signature is added to the entire data. Therefore, in an apparatus having received the key data for single contents, it is not necessary to separately verify signatures with respect to an encrypted content key K_(co) and an encrypted key K_(i); the signatures are deemed to be verified with respect to the encrypted content key K_(co) and the encrypted individual key K_(i) simply by verifying one signature of the key data for single contents, hence, the verification of a signature with respect to the encrypted content key K_(co) and the encrypted individual key K_(i) can be thereby simplified.

Incidentally, an individual key K_(i) is encrypted with an ID of a content provider that encrypts a content key K_(co) using the individual key K_(i). A method for encrypting an individual key K_(i) together with an ID of a content provider by an encryption method called the CBC of a triple DES will be described with reference to FIG. 49. That is, with such an encryption method, after connecting a predetermined initial value and an individual key K_(i) (64 bits), the individual key K_(i) is encrypted by an encryption method by the CBC mode of triple DES, and after connecting a first value of a resulting 64 bits with an ID (64 bits) of a content provider, the individual key K_(i) is encrypted by an encryption method by the CBC mode of triple DES using the delivery key K_(d) again, thereby obtaining a second value of 64 bits. In such an encryption method, data of 16 bytes connecting the first value and the second value becomes the encrypted individual key K_(i) that is stored in key data for single contents (in this case, the first value corresponds to first 64 bit data of the encrypted individual key K_(i) to be stored in the key data for single contents, and the second value becomes 64 bit data following the first value among the encrypted individual key K_(i) to be stored in the key data for single contents).

In addition, FIG. 50 shows key data for album contents, and in the key data for album contents, a type of data, a type of key data, an effective period of a key, an ID of an album, an ID of a content provider, a version of a key, the number of key data for single contents to be used for encrypting single contents forming an album, address information indicating a storage position of the key data, a key data packet stored in a position indicated by the address information, a public key certificate and a signature are stored.

In the key data for album contents, the type of data indicates that the data is data of a key, and the type of key data indicates the key data is for album contents. The effective period of a key indicates a usage period of a key (a content key K_(co)) shown in the key data by a date on which the period expires, the number of days from a date to be a basis when use is started until the period expires, or the like, and the ID of an album indicates album contents consisting of single contents to be encrypted by the content key K_(co). The ID of a content provider indicates an ID of a content provider 2 that encrypts album contents.

The version of a key indicates revision information of a key (a content key K_(co)) revised according to a usage period. The signature is attached to the entirety from the type of data to the public key certificate excluding the signature from data of the single contents. An algorithm and a parameter used in preparing the signature as well as a key to be used for verification of the signature are included in the public key certificate.

In addition, in key data for album contents, with the addition of a signature to the entire album contents, tamper or the like can be checked for key data of each single content as well together with key data of the album contents simply by verifying the signature without respectively verifying key data for a plurality of single contents stored in key data for the album contents, hence, the verification of a signature can be thereby simplified.

FIG. 51 illustrates operations of mutual authentication of an encryption processing section 65 and an extension section 66, in which one common key uses DES that is a common key encryption. In FIG. 51, given that A is an extension section 66 and B is an encryption processing section 65, the encryption processing section 65 generates a random number R_(B) of 64 bits, and transmits R_(B) and ID_(B) that is its own ID to the extension section 66 via an upper controller 62. The extension section 66 having received the transmission generates a random number R_(A) anew, encrypts R_(A), R_(B) and ID_(B) using a key K_(AB) in a CBC mode of DES, and returns them to the encryption processing section 65 via the upper controller 62.

The CBC mode of DES is a method for applying exclusive OR to immediately preceding output and input and encrypting them when conducting encryption. In this example,

X = DES(K_(AB), R_(A) + IV) (IV = initial value, +: exclusive OR)

Y = DES(K_(AB), R_(B) + X)

Z = DES(K_(AB), ID_(B) + Y)

and outputs are X, Y, Z. In these equations, DES(K_(AB), R_(A) + IV) represents encrypting data R_(A) + IV with DES using a key K_(AB), Y = DES(K_(AB), R_(B) + X) represents encrypting data R_(B) + X with DES using the key K_(AB), and Z = DES(K_(AB), ID_(B) + Y) represents encrypting data ID_(B) + Y with DES using the key K_(AB).

The encryption processing section 65 having received the data decrypts the received data with the key K_(AB), and inspects whether R_(B) and ID_(B) match transmitted data. When the data passes the inspection, the extension section 66 is authenticated as a legal one. Subsequently, a session key SK_(AB) (i.e., a temporary key K_(temp), which is generated by a random number) is generated, and R_(B), R_(A) and SK_(AB) are encrypted using the key K_(AB) in a CBC mode of DES and transmitted to the extension section 66 via the upper controller 62. The extension section 66 having received the transmission decrypts the received data with the key K_(AB), and inspects whether R_(B) and R_(A) match the one transmitted by the extension section 66. When the data passes the inspection, the encryption processing section 65 is authenticated as a legal one, and the data SK_(AB) is used for subsequent communications as a session key. Further, in examining the received data, if illegality or mismatching is found, mutual authentication is deemed failed and the processing is terminated.
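The FIG. 51 exchange and the FIG. 49 wrapping of K_(i) with the content provider ID both rest on the same CBC chaining, so the following added example (not code from the patent) runs both over 64-bit blocks. Python's standard library has no DES, so a small SHA-256-based Feistel cipher stands in for DES and triple DES; that cipher, all function names, the provider ID check on unwrapping and the sample values in use are assumptions of this example.

```python
import hashlib
import hmac
import secrets

BLOCK = 8  # 64-bit blocks, the block size of DES


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, i, half):
    # Round function of the stand-in cipher (NOT DES; assumption of this demo).
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]


def block_encrypt(key, block):
    left, right = block[:4], block[4:]
    for i in range(8):
        left, right = right, _xor(left, _f(key, i, right))
    return left + right


def block_decrypt(key, block):
    left, right = block[:4], block[4:]
    for i in reversed(range(8)):
        left, right = _xor(right, _f(key, i, left)), left
    return left + right


def cbc_encrypt(key, iv, data):
    # X = E(K, P1 + IV), Y = E(K, P2 + X), Z = E(K, P3 + Y), "+" being XOR.
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out += prev
    return out


def cbc_decrypt(key, iv, data):
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        out += _xor(block_decrypt(key, data[i:i + BLOCK]), prev)
        prev = data[i:i + BLOCK]
    return out


def _same(a, b):
    return hmac.compare_digest(a, b)  # constant-time comparison


def mutual_auth(key_a, key_b, iv, id_b, corrupt_reply=False):
    """Run the FIG. 51 exchange; return (SK at A, SK at B), or None on failure."""
    # B (encryption processing section 65) -> A: R_B, ID_B
    r_b = secrets.token_bytes(BLOCK)
    # A (extension section 66) -> B: X || Y || Z over R_A, R_B, ID_B
    r_a = secrets.token_bytes(BLOCK)
    msg1 = cbc_encrypt(key_a, iv, r_a + r_b + id_b)
    if corrupt_reply:  # constructed in-transit modification of block X
        msg1 = bytes([msg1[0] ^ 1]) + msg1[1:]
    # B decrypts and inspects R_B and ID_B before accepting A.
    p1 = cbc_decrypt(key_b, iv, msg1)
    got_r_a = p1[:8]
    if len(msg1) != 24 or not (_same(p1[8:16], r_b) and _same(p1[16:], id_b)):
        return None
    # B -> A: R_B, R_A and a fresh session key SK_AB, encrypted under K_AB
    sk_b = secrets.token_bytes(BLOCK)
    msg2 = cbc_encrypt(key_b, iv, r_b + got_r_a + sk_b)
    # A decrypts and inspects R_B and R_A before accepting B.
    p2 = cbc_decrypt(key_a, iv, msg2)
    if not (_same(p2[:8], r_b) and _same(p2[8:16], r_a)):
        return None
    return p2[16:], sk_b


def wrap_individual_key(k_d, iv, k_i, provider_id):
    # FIG. 49: first value = E(K_d, K_i + IV); second = E(K_d, ID + first value).
    return cbc_encrypt(k_d, iv, k_i + provider_id)


def unwrap_individual_key(k_d, iv, wrapped, provider_id):
    plain = cbc_decrypt(k_d, iv, wrapped)
    # The ID block is chained to the first value, so a substituted first
    # value surfaces as a provider ID mismatch (check assumed by this demo).
    return plain[:8] if _same(plain[8:], provider_id) else None
```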

FIG. 52 illustrates operation of mutual authentication between a mutual authentication module 95 in an encryption processing section 65 of a home server 51 and a mutual authentication module (not shown) in an encryption processing section 73 of a fixed apparatus 52 using an elliptical curve encryption of 160 bit length that is a public key encryption. In FIG. 52, given that A is an encryption processing section 73 and B is an encryption processing section 65, the encryption processing section 65 generates a random number R_(B) of 64 bits, and transmits it to a fixed apparatus 52 via an upper controller 62 and a transmission section 61. The fixed apparatus 52 having received the random number generates a random number R_(A) of 64 bits anew and a random number A_(K) smaller than a sample number p in the encryption processing section 73. Then, the fixed apparatus 52 finds a point A_(V) that is a base point G multiplied by A_(K), connects R_(A), R_(B), A_(V) (X coordinates and Y coordinates) (64 bits + 64 bits + 160 bits + 160 bits = 448 bits), and generates signature data A.Sig with a secret key held by itself with respect to the data. Further, since scalar times of a base point is the same as the method described in the generation of a signature of FIG. 10, its description is omitted. Connection of data means that, for example, when data A of 16 bits and data B of 16 bits are connected, the result is data of 32 bits whose upper 16 bits are A and whose lower 16 bits are B. Since generation of a signature is the same as the method described in the generation of a signature of FIG. 10, its description is omitted.

Then, the encryption processing section 73 transfers R_(A), R_(B) and A_(V) as well as the signature data A.Sig to the upper controller 72, and the upper controller 72 adds a public key certificate for the fixed apparatus 52 (stored in a small storage section 75), and transmits them to a home server 51 via a communication section 71. Since the public key certificate is illustrated in FIG. 32, its detailed description is omitted. The home server 51 having received this verifies a signature of the public key certificate of the fixed apparatus 52 in the encryption processing section 65. Since the verification of the signature is the same as the method described in the verification of the signature of FIG. 11, its description is omitted. Then, the encryption processing section 73 inspects whether the random number R_(B) among the transmitted data is identical with the one transmitted by the encryption processing section 65, and if it is identical, verifies the signature data A.Sig. When the verification is successful, the encryption processing section 65 authenticates the encryption processing section 73. Further, since the verification of the signature is the same as the method described in the verification of the signature of FIG. 11, its description is omitted. Then, the encryption processing section 65 generates a random number B_(K) smaller than the sample number p, finds a point B_(V) that is the base point G times B_(K), connects R_(B), R_(A) and B_(V) (X coordinates and Y coordinates), and generates signature data B.Sig with a secret key held by itself with respect to the data. Finally, the encryption processing section 65 transfers R_(B), R_(A) and B_(V) as well as the signature data B.Sig to the upper controller 62, and the upper controller 62 adds a public key certificate for the home server 51 (stored in a mass storage section 68) and transmits them to the fixed apparatus 52 via the communication section 61.

The fixed apparatus 52 having received this verifies the signature of the public key certificate of the home server 51 in the encryption processing section 73. Then, the fixed apparatus 52 inspects whether the random number R_(A) among the transmitted data is identical with the one transmitted by the encryption processing section 73, and if it is identical, verifies the signature data B.Sig. When the verification is successful, the encryption processing section 73 authenticates the encryption processing section 65.

When both verifications are successful, the encryption processing section 65 calculates B_(K) A_(V) (although B_(K) is a random number, since A_(V) is a point on an elliptic curve, scalar times calculation of a point on an elliptic curve is necessary), the encryption processing section 73 calculates A_(K) B_(V), and the lower 64 bits of X coordinates of these points are used for subsequent communications as a session key (a temporary key K_(temp)) (if the common key encryption is the common key encryption of the 64 bit key length). Incidentally, the session key to be used for communication is not limited to the lower 64 bits of the X coordinates, but the lower 64 bits of the Y coordinates may be used. Further, in secret communication after mutual authentication, data is not only encrypted with the temporary key K_(temp), but also a signature may be added to the encrypted transmission data.

In verifying a signature and received data, if illegality or mismatching is found, mutual authentication is deemed failed and the processing is terminated.

FIG. 53 illustrates operations when a settlement available apparatus in the user home network 5 transmits charge information to the electronic distribution service center 1. The settlement available apparatus in the user home network 5 retrieves an object apparatus that it should settle on behalf of the network from registration information, conducts mutual authentication, and has the charge information encrypted with the shared temporary key K_(temp) (which is different for each mutual authentication) and sent (a signature is attached to the data then). After finishing processing for all the apparatuses, the settlement available apparatus mutually authenticates with the electronic distribution service center 1, encrypts all the charge information with the shared temporary key, attaches signature data to these, and transmits them to the electronic distribution service center 1 together with a handling policy and price information, if necessary. Further, since an ID of a handling policy, an ID of price information and the like that are necessary for distribution of an amount are included in the charge information to be transmitted to the electronic service center 1 from the user home network 5, a handling policy or price information with large information amount is not necessarily transmitted. The user management section 18 receives this. The user management section 18 verifies signature data with respect to the received charge information, registration information, handling policy and price information. Since the verification of a signature is the same as the method described in FIG. 11, details are omitted. Then, the user management section 18 decrypts the charge information with the temporary key K_(temp) that is shared for mutual authentication, and transmits the charge information to the history data management section 15 together with the handling policy and the price information.

Incidentally, in this embodiment, data to be transmitted after mutual authentication is encrypted with the temporary key K_(temp) if necessary. For example, since, if contents of a content key K_(co) and a handling key K_(d) are seen, data is illegally utilized, it is necessary to encrypt them with the temporary key K_(temp) and make them invisible from outside. On the other hand, since, even if contents of charge information and license conditions information are seen, data cannot be illegally utilized, it is not always necessary to encrypt them with the temporary key K_(temp), but damages to parties relating to receipt of an amount are generated if, for example, an amount of charge information is tampered with or usage conditions of license conditions information are tampered with to be loose. Therefore, tampering is prevented by attaching a signature to the charge information or the license conditions information. However, a signature may be attached if a content key K_(co) or a delivery key K_(d) is transmitted.

Then, a transmitting side generates a signature to data to be transmitted or data that is the data encrypted by the temporary key K_(temp), and transmits the data and the signature. The receiving side obtains data by verifying the signature if the transmitted data is not encrypted by the temporary key K_(temp), or obtains data by decrypting the data with the temporary key K_(temp) after verifying the signature if the transmitted data is encrypted by the temporary key K_(temp). In this embodiment, data to be transmitted after mutual authentication may be applied encryption by a signature or a temporary key K_(temp), if necessary.
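The following sketch is an added example, not code from the patent, showing the transmit and receive rule of the two preceding paragraphs: the signature covers exactly the bytes that are sent, and the receiver verifies it before decrypting with K_(temp). As assumptions, HMAC-SHA256 under a shared key stands in for the signature generation and verification of FIGS. 10 and 11, a SHA-256 counter keystream stands in for the cipher, and all names and sample values are constructed.

```python
import hashlib
import hmac
import os

SIG_LEN = 32      # HMAC-SHA256 output length
NONCE_LEN = 16
PLAIN, ENCRYPTED = b"\x00", b"\x01"


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def sign(sign_key: bytes, body: bytes) -> bytes:
    """Stand-in signature (assumption): HMAC instead of a public-key signature."""
    return hmac.new(sign_key, body, hashlib.sha256).digest()


def send(data: bytes, sign_key: bytes, k_temp: bytes = None) -> bytes:
    """Transmitting side: encrypt with K_temp if given, then sign what is sent."""
    if k_temp is not None:
        nonce = os.urandom(NONCE_LEN)
        body = ENCRYPTED + nonce + keystream_xor(k_temp, nonce, data)
    else:
        body = PLAIN + data
    return body + sign(sign_key, body)


def receive(message: bytes, sign_key: bytes, k_temp: bytes = None) -> bytes:
    """Receiving side: verify the signature first, decrypt only afterwards."""
    if len(message) < 1 + SIG_LEN:
        raise ValueError("message too short")
    body, signature = message[:-SIG_LEN], message[-SIG_LEN:]
    if not hmac.compare_digest(signature, sign(sign_key, body)):
        raise ValueError("signature mismatch, processing terminated")
    flag, payload = body[:1], body[1:]
    if flag == PLAIN:
        return payload
    if flag == ENCRYPTED:
        if k_temp is None or len(payload) < NONCE_LEN:
            raise ValueError("encrypted data cannot be decrypted")
        nonce, ciphertext = payload[:NONCE_LEN], payload[NONCE_LEN:]
        return keystream_xor(k_temp, nonce, ciphertext)
    raise ValueError("unknown message type")


def is_rejected(message: bytes, sign_key: bytes, k_temp: bytes = None) -> bool:
    """True if the receiving side refuses the message."""
    try:
        receive(message, sign_key, k_temp)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    sign_key, k_temp = os.urandom(32), os.urandom(32)
    # Constructed charge information: readable on the wire, protected by signature only.
    charge = b"content_id=constructed-001;amount=300"
    msg = send(charge, sign_key)
    print("loosened amount rejected:",
          is_rejected(msg.replace(b"amount=300", b"amount=003"), sign_key))
    # Constructed delivery key: must not be visible, so encrypted and signed.
    k_d = b"constructed-Kd-16"
    msg = send(k_d, sign_key, k_temp)
    print("K_d hidden on the wire:", k_d not in msg)
    print("K_d recovered:", receive(msg, sign_key, k_temp) == k_d)
```
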

The user management section 18 receives a delivery key K_(d) from the key server 14, encrypts it with a shared temporary key K_(temp) to add signature data, prepares registration information from the user registration database, and transmits the delivery key K_(d), the signature data and the registration information encrypted by the temporary key K_(temp) to a settlement available apparatus in the user home network 5. Since a method of preparing registration information is just as described in FIG. 8, its detailed description is omitted here.

When executing settlement, the charge billing section 19 receives charge information, a handling policy, if necessary, and price information from the history data management section 15, calculates a charge amount billed to a user, and transmits billing information to the user. The receipt and disbursement section 20 communicates with a bank, or the like, and executes settlement processing. On that occasion, if there is information such as outstanding fees or the like of the user, the information is transmitted to the charge billing section 19 and the user management section 18 in the form of a settlement report, reflected on the user registration database, and referred to upon subsequent user registration processing or settlement processing.

The settlement available apparatus in the user home network 5 having received the delivery key K_(d), the signature data and the registration data encrypted by the temporary key K_(temp) updates stored registration information, at the same time, inspects the registration information, and if registration is made, encrypts the delivery key K_(d) with the temporary key K_(temp) after verifying the signature data, updates a delivery key K_(d) stored in the storage module in the encryption processing section, and deletes charge information in the storage module. Subsequently, the settlement available apparatus retrieves an object apparatus that it should settle on behalf of the network from the registration information, conducts mutual authentication for each apparatus found by the retrieval, encrypts the delivery key K_(d) read out from the storage module of the encryption processing section with a temporary key K_(temp) that is different for each apparatus found by the retrieval, and attaches a signature for each apparatus to send it to each apparatus together with the registration information. The processing ends when all the object apparatuses that the apparatus should settle on behalf of the network are finished.

The object apparatus having received the data inspects the registration information as the settlement available apparatus did, decrypts the delivery key K_(d) with the temporary key K_(temp) after verifying the signature data, updates the delivery key K_(d) in the storage module, and deletes charge information.

Further, for an apparatus marked “registration unavailable” in the registration item of the registration information, since a fee is not charged, update of the delivery key K_(d) and deletion of the charge information are not conducted (contents of the registration items may be various cases that are not described such as stoppage of every action including use, stoppage of purchase processing, state in which processing was conducted normally).

FIG. 54 illustrates operations of profit distribution processing of the electronic distribution service center 1. The history data management section 15 maintains and manages charge information transmitted from the user management section 18, a handling policy, if necessary, and price information. The profit distribution section 16 calculates profit for each of the content provider 2, the service provider 3 and the electronic distribution service center 1 from the charge information, the handling policy, if necessary, and the price information transmitted from the history data management section 15, and transmits the results to the service provider management section 11, the content provider management section 12 and the receipt and disbursement section 20. The receipt and disbursement section 20 communicates with a bank or the like, and conducts settlement. The service provider management section 11 transmits distribution information received from the profit distribution section 16 to the service provider 2. The content provider management section 12 transmits the distribution information received from the profit distribution section 16 to the content provider 3.

The audit section 21 receives charge information, a handling policy and price information from the history data management section 15, and audits if there is any inconsistency in data. For example, the audit section 21 audits if a price in the charge information coincides with data of the price information, if a distribution ratio coincides, or the like, and audits if the handling policy and the price information coincide with each other. In addition, as processing of the audit section 21, there are processing for auditing the coincidence between an amount received from the user home network 5 and a total amount of a distributed profit or an amount transferred to the service provider 3, and processing for auditing whether or not, for example, a content ID or a service provider ID that could not exist or an impossible share, price or the like is included in data in the charge information supplied from an apparatus in the user home network 5.

FIG. 55 illustrates operations of processing in the electronic distribution service center 1 for transmitting utilization results of contents to JASRAC. The history data management section 15 transmits charge information indicating utilization results of contents by a user to the copyright management section 13 and the profit distribution section 16. The profit distribution section 16 calculates a billing amount to JASRAC and a payment amount from the charge information, and transmits payment information to the receipt and disbursement section 20. The receipt and disbursement section 20 communicates with a bank or the like, and executes settlement processing. The copyright management section 13 transmits the utilization results of contents by the user to JASRAC.

Processing of the EMD system will now be described. FIG. 56 is a flow chart illustrating processing of distribution and reproduction of contents of this system. In step S40, the content provider management section 12 of the electronic distribution service center 1 transmits an individual key K_(i) encrypted by a delivery key K_(d) and a public key certificate of the content provider 2 to the content provider 2, and the content provider 2 receives this. Details of the processing will be described later with reference to a flow chart of FIG. 57. In step S41, a user operates an apparatus (e.g., the home server 51 of FIG. 15) of the user home network 5, and registers the apparatus of the user home network 5 in the user management section 18 of the electronic distribution service center 1. Details of this registration processing will be described later with reference to a flow chart of FIG. 59. In step S42, the user management section 18 of the electronic service center 1, after mutually authenticating with the user home network 5 as described above with reference to FIG. 52, transmits the delivery key K_(d) to the apparatus of the user home network 5. The user home network 5 receives the key. Details of this processing will be described with reference to a flow chart of FIG. 62.

In step S43, the signature generation section 38 of the content provider 2 generates a content provider secure container, and transmits it to the service provider 3. Details of this processing will be described later with reference to a flow chart of FIG. 65. In step S44, the signature generation section 45 of the service provider 3 generates a service provider secure container, and transmits it to the user home network 5 via the network 4. Details of this transmission processing will be described later with reference to a flow chart of FIG. 66. In step S45, the purchase module 94 of the user home network 5 executes purchase processing. Details of the purchase processing will be described later with reference to a flow chart of FIG. 67. In step S46, a user reproduces contents in an apparatus of the user home network 5. Details of the reproduction processing will be described later with reference to a flow chart of FIG. 72.

FIG. 57 is a flow chart illustrating details of processing, which corresponds to S40 of FIG. 56, in which the electronic distribution service center 1 transmits an individual key K_(i), an individual key K_(i) encrypted by a delivery key K_(d) and a public key certificate to the content provider 2, and the content provider 2 receives these. In step S50, the mutual authentication section 17 of the electronic distribution service center 1 mutually authenticates with the mutual authentication section 39 of the content provider 2. Since the mutual authentication processing was described in FIG. 52, its details are omitted. When it is confirmed that the content provider 2 is a legal provider with the mutual authentication, in step S51, the content provider 2 receives the individual key K_(i), the individual key K_(i) encrypted by the delivery key K_(d) and the certificate transmitted from the content provider management section 12 of the electronic distribution service center 1. In step S52, the content provider 2 stores the received individual key K_(i) in the tamper resistant memory 40A, and stores the individual key K_(i) encrypted by the delivery key K_(d) and the certificate in the memory 40B.

In this way, the content provider 2 receives an individual key K_(i), an individual key K_(i) encrypted by a delivery key K_(d) and a certificate from the electronic distribution service center 1. Similarly, in an example in which processing of the flow chart shown in FIG. 56 is conducted, the service provider 3, in addition to the content provider 2, receives an individual key K_(i) (which is different from the individual key K_(i) of the content provider 2), an individual key K_(i) encrypted by a delivery key K_(d) and a certificate from the electronic distribution service center 1 with similar processing as that in FIG. 57.

Further, the memory 40A is desirably a tamper resistant memory whose data is not read out by a third party because it maintains an individual key K_(i) that should be maintained secretly by the content provider 2, but hardware limitation is not necessary (e.g., a hard disk in a room to which entry is controlled, a hard disk of a personal computer whose password is controlled, or the like may suffice). In addition, the memory 40B may be any apparatus such as an ordinary storage apparatus or the like because it only stores an individual key K_(i) encrypted by a delivery key K_(d) and a certificate of the content provider 2 (does not need to be kept secret). Further, the memories 40A and 40B may be united.

FIG. 58 is a flow chart illustrating processing in which the home server 51 registers settlement information in the user management section 18 of the electronic distribution service center 1. In step S60, the home server 51 mutually authenticates a public key certificate stored in the mass storage section 68 with the mutual authentication section 17 of the electronic distribution service center 1 in the mutual authentication module 95 of the encryption processing section 65. Since this authentication processing is similar to that described with reference to FIG. 52, description is omitted here. A certificate that the home server 51 transmits to the user management section 18 of the electronic distribution service center 1 in step S60 includes data (a public key certificate of a user apparatus) shown in FIG. 32.

In step S61, the home server decides whether or not a registration of an individual's settlement information (such as a user's credit card number, a settlement organization's account number, or the like) is a new registration, and if it is decided that it is a new registration, the processing proceeds to step S62. In step S62, a user inputs the individual's settlement information using the inputting means 63. The data is encrypted in the encryption unit 112 using a temporary key K_(temp), and is transmitted to the user management section 18 of the electronic distribution service center 1 via the communication section 61.

In step S63, the user management section 18 of the electronic distribution service center 1 takes out an ID of an apparatus from the received certificate, and retrieves through the user registration database shown in FIG. 7 based on the ID of an apparatus. In step S64, the user management section 18 of the electronic distribution service center 1 decides whether or not registration of an apparatus having the received ID is possible, and if it is decided that the registration of an apparatus having the received ID is possible, the processing proceeds to step S65, and the user management section 18 decides whether or not the apparatus having the received ID is a new registration. In step S65, if it is decided that the apparatus having the received ID is a new registration, the processing proceeds to step S66.

In step S66, the user management section 18 of the electronic distribution service center 1 issues a settlement ID anew, and at the same time, decrypts the settlement information encrypted by the temporary key, registers the settlement ID and settlement information by associating them with an ID of the apparatus in the settlement information database that stores an apparatus ID, a settlement ID, settlement information (an account number, a credit card number or the like), transaction suspension information, and the like, and registers a settlement ID in the user registration database. In step S67, the user management section 18 prepares registration information based on data registered in the user registration database. Since this registration information is described in FIG. 8, its details are omitted.

In step S68, the user management section 18 of the electronic distribution service center 1 transmits the prepared registration information to the home server 51. In step S69, the upper controller 62 of the home server 51 stores the received registration information in the mass storage section 68.

In step S61, if it is decided that the registration of the settlement information is an updated registration, the processing proceeds to step S70, and the user inputs the individual's settlement information using the inputting means 63. The data is encrypted in the encryption unit 112 using a temporary key K_(temp), and transmitted to the user management section 18 of the electronic distribution service center 1 via the communication section 61 together with the registration information already issued upon settlement registration.

In step S64, if it is decided that registration of an apparatus having a received ID is indispensable, the processing proceeds to step S71, where the user management section 18 of the electronic distribution service center 1 prepares registration information of registration rejection, and the processing proceeds to step S68.

In step S65, if it is determined that the apparatus having the received ID is not a new registration, the processing proceeds to step S72, where the user management section 18 of the electronic distribution service center 1 decrypts the settlement information encrypted by the temporary key, and updates and registers it in the settlement information registration database by associating it with the ID of the apparatus, and the processing proceeds to step S67.

In this way, the home server 51 is registered in the electronic distribution service center 1.

FIG. 59 is a flow chart illustrating processing for registering an ID of an apparatus in registration information anew. Since mutual authentication processing in step S80 is similar to the processing described in FIG. 52, details are omitted. Since step S81 is the same as step S63 of FIG. 58, its description is omitted. Since step S82 is the same as step S64 of FIG. 58, its description is omitted. In step S83, the user management section 18 of the electronic distribution service center 1 sets a registration item corresponding to an apparatus ID in the user registration database as “registration,” and registers the apparatus ID. In step S84, the user management section 18 of the electronic distribution service center 1 prepares registration information as shown in FIG. 8 based on the user registration database. Since step S85 is the same as step S68 of FIG. 58, its description is omitted. Since step S86 is the same as the step S69 of FIG. 58, its description is omitted.

In step S82, if it is decided that registration of an apparatus having a received ID is indispensable, the processing proceeds to step S87, where the user management section 18 of the electronic distribution service center 1 prepares registration information of registration rejection, and the processing proceeds to step S85.

In this way, the home server 51 is registered in the electronic distribution service center 1.

FIG. 60 is a flow chart illustrating processing in additionally registering another apparatus via an already registered apparatus. Here, an example in which the home server 51 is already registered and the fixed apparatus 52 is registered therein will be described. In step S90, the home server 51 mutually authenticates with the fixed apparatus 52. Since mutual authentication processing is similar to the processing described in FIG. 52, its description is omitted. In step S91, the home server 51 mutually authenticates with the electronic distribution service center 1. In step S92, the home server 51 transmits the registration information read out from the mass storage section 68 and the certificate of the fixed apparatus 52 obtained when mutually authenticating with the fixed apparatus 52 in step S90 to the electronic distribution service center 1. Since step S93 is the same as step S81 of FIG. 59, its description is omitted. Since step S94 is the same as step S82 of FIG. 59, its description is omitted. Since step S95 is the same as step S83 of FIG. 59, its description is omitted. In step S96, the user management section 18 of the electronic distribution service center 1 prepares registration information anew with information of the fixed apparatus 52 added in addition to the registration information received from the home server 51. Since step S97 is the same as step S85 of FIG. 59, its description is omitted. Since step S98 is the same as step S86 of FIG. 59, its description is omitted.

Then, in step S99A, the home server 51 transmits the received registration information to the fixed apparatus 52, and in step S99B, the fixed apparatus 52 stores the received registration information in the small storage section 75.

In step S94, if it is decided that registration of an apparatus having a received ID is indispensable, the processing proceeds to step S99, where the user management section 18 of the electronic distribution service center 1 prepares registration information indicating that registration of only the fixed apparatus 52 is rejected (therefore, the home server 51 stays registered), and the processing proceeds to step S97 (the fact that the home server 51 has succeeded in mutual authentication with the electronic distribution service center 1 means that the home server 51 is registrable).

In this way, the fixed apparatus 52 is additionally registered in the electronic distribution service center 1 by the processing procedures indicated in FIG. 60.

Timing for a registered apparatus to conduct update of a registration (update of registered information) will now be described. FIG. 61 illustrates processing procedures for determining whether or not to conduct update of registered information based on various conditions, and in step S600, the home server 51 determines whether or not a predetermined period that is decided in advance has passed since obtaining a delivery key K_(d), registration information or charge information by a clock (not shown) and a determination section (not shown). If a positive result is obtained here, this means that the predetermined period has passed since obtaining a delivery key K_(d), registration information or charge information, then, the processing proceeds to step S607, where the home server 51 executes update processing of registration information. This processing will be described later in FIG. 62.

On the other hand, if a negative result is obtained in step S600, this means that a predetermined period has not passed since obtaining a delivery key or charge information, that is, the updating conditions of registration information with respect to passage of a period have not been met, and then, the processing proceeds to step S601.

In step S601, the home server 51 determines whether or not the number of times of purchasing contents has reached a prescribed number of times. If a positive result is obtained here, the processing moves to step S607, where the home server 51 executes registration information updating processing, whereas, if a negative result is obtained in step S601, this means that the updating conditions of registration information have not been met with respect to the number of times of purchasing contents, thus, the processing proceeds to step S602.

In step S602, the home server 51 determines whether or not a purchase amount of contents has reached a prescribed amount. If a positive result is obtained here, the processing moves to step S607, where the home server 51 executes registration information updating processing, whereas, if a negative result is obtained in step S602, this means that the updating conditions of registration information have not been met with respect to a purchase amount of contents, and the processing proceeds to the following step S603.

In step S603, the home server 51 determines whether or not an effective period of a delivery key K_(d) has expired. As means for determining whether or not an effective period of a delivery key K_(d) has expired, it is checked whether or not a version of a delivery key K_(d) of distributed data coincides with a version of any of three versions of delivery keys K_(d) stored in the storage module 92, or whether or not a version of a delivery key K_(d) of distributed data is older than a version of the latest delivery key K_(d). If the versions do not coincide or if the version of the delivery key is older than the version of the latest delivery key K_(d), this means that the effective period of the delivery key K_(d) in the storage module 92 has expired, and the home server 51 obtains a positive result in step S603, thus the processing proceeds to step S603, where the home server 51 executes updating processing of registration information. On the other hand, if a negative result is obtained in step S603, this means that the updating conditions of registration information have not been met with respect to an effective period of a delivery key K_(d), then the processing proceeds to the following step S604.

In step S604, the home server 51 determines if there is a change in a network configuration, such as whether or not another apparatus has been connected to the home server 51 anew, or whether or not another apparatus connected to the home server 51 has been disconnected. If a positive result is obtained here, this means that there has been a change in the network configuration, and then, the processing proceeds to step S607, where the home server 51 executes the updating processing of registration information. On the other hand, if a negative result is obtained in step S604, this means that the updating conditions of registration information are not met with respect to a network configuration, and the processing proceeds to the following step S605.

In step S605, the home server 51 determines whether or not there has been a registration information updating request from a user, and if there has been a registration information updating request, the processing proceeds to step S607, where the home server 51 executes the updating processing of registration information, and if there has been no registration information updating request, the processing proceeds to step S606.

In step S606, the home server 51 conducts the update determination in the above-mentioned steps S600 through S605 with respect to other apparatuses connected to the home server 51, if a determination result indicating that updating should be made is obtained, the processing proceeds to step S607, where the home server 51 executes the updating processing of registration information, whereas, if a determination result indicating that updating should be made is not obtained, the home server 51 repeats similar processing from the above-mentioned step S600. Thus, the home server 51 can obtain timing for executing the updating processing of registration information. Further, another apparatus may check its own update starting conditions and send a request to the home server 51 by itself instead of the home server 51 checking update starting conditions of another apparatus.
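The determination of steps S600 through S606 can be written as one ordered check, shown here as an added example that is not code from the patent. The threshold values, field names and the `Apparatus` structure are assumptions made for illustration, and step S603 implements only the first of the two means the text gives (no stored delivery key version matches the version used by distributed data).

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Thresholds:
    """Hypothetical values for the 'predetermined' and 'prescribed' limits."""
    max_age_seconds: float = 30 * 24 * 3600
    max_purchases: int = 16
    max_amount: int = 5000


@dataclass
class Apparatus:
    name: str
    last_obtained: float                  # when K_d, registration or charge info was last obtained
    purchase_count: int = 0
    purchase_amount: int = 0
    stored_kd_versions: Tuple[int, ...] = (1, 2, 3)   # versions held in the storage module
    distributed_kd_version: int = 3       # K_d version used by the distributed data
    network_changed: bool = False         # an apparatus was connected or disconnected
    user_requested: bool = False
    connected: List["Apparatus"] = field(default_factory=list)


def own_update_reason(dev: Apparatus, now: float, th: Thresholds) -> Optional[str]:
    """Steps S600 to S605 for one apparatus; the first condition met wins."""
    if now - dev.last_obtained >= th.max_age_seconds:
        return "S600: predetermined period has passed"
    if dev.purchase_count >= th.max_purchases:
        return "S601: prescribed number of purchases reached"
    if dev.purchase_amount >= th.max_amount:
        return "S602: prescribed purchase amount reached"
    if dev.distributed_kd_version not in dev.stored_kd_versions:
        return "S603: effective period of stored K_d has expired"
    if dev.network_changed:
        return "S604: network configuration changed"
    if dev.user_requested:
        return "S605: user requested an update"
    return None


def update_reason(server: Apparatus, now: float,
                  th: Optional[Thresholds] = None) -> Optional[str]:
    """Return why registration information must be updated (S607), or None."""
    th = th or Thresholds()
    reason = own_update_reason(server, now, th)
    if reason:
        return f"{server.name}: {reason}"
    for other in server.connected:        # S606: same checks for connected apparatuses
        reason = own_update_reason(other, now, th)
        if reason:
            return f"{other.name} (S606): {reason}"
    return None


if __name__ == "__main__":
    now = 1_000_000.0                     # constructed clock value
    fixed = Apparatus("fixed-apparatus", last_obtained=now - 60, purchase_count=16)
    home = Apparatus("home-server", last_obtained=now - 60, connected=[fixed])
    print(update_reason(home, now))
    home.distributed_kd_version = 4       # content arrives under a newer K_d version
    print(update_reason(home, now))
```
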

FIG. 62 is a flow chart illustrating operations for a registered apparatus updating a registration (update of registered information), executing settlement processing, and receiving re-distribution of a delivery key K_(d). Since mutual authentication processing in step S100 is similar to the processing described in FIG. 52, its description is omitted. In step S101, the home server 51 encrypts charge information stored in the storage module 92 using a temporary key K_(temp) in the encryption unit 112 of the encryption processing section 96, generates a signature by the signature generation unit 114, and adds a signature. Then, the home server 51 transmits the encrypted charge information and its signature to the electronic distribution service center 1 together with a handling policy, price information and registration information stored in the mass storage section 68. Further, at this moment, the handling policy and the price information may not be sent by a model. This is because, in some cases, the content provider 2 and the service provider 3 have transmitted them to the electronic distribution service center 1 in advance, or necessary information among the handling policy and the price information is included in the charge information.

Since step S102 is the same as step S81 of FIG. 59, its description is omitted. Since step S103 is the same as step S82 of FIG. 59, its description is omitted. In step S104, the user management section 18 of the electronic distribution service center 1 verifies a signature by the signature verification unit 115, decrypts received charge information by a temporary key K_(temp) (if an electronic signature is attached to the received data, it is verified by the signature verification unit 115), and (if received) transmits the charge information to the history data management section 15 together with the handling policy and the price information. The history data management section 15 having received this maintains and manages the received data.

In step S105, the user management section 18 of the electronic distribution service center 1 verifies a registration item corresponding to an apparatus ID in the user registration database, and at the same time, updates data. For example, the data is such data as a registration date or a charge status (not shown). Since step S106 is the same as step S84 of FIG. 59, its description is omitted. In step S107, the user management section of the electronic distribution service center 1 encrypts a delivery key K_(d) supplied from the key server 14 by a temporary key K_(temp), and transmits the delivery key K_(d) to the home server 51 together with registration information.

In step S108, the home server 51 stores the received registration information in the mass storage section 68. In step S109, the home server 51 inputs the received registration information in the encryption processing section 65, where the home server 51 verifies an electronic signature included in the registration information by the signature verification unit 115, and at the same time, causes the unit to confirm if an apparatus ID of the home server 51 is registered, and when the verification is successful and it is confirmed that the charge processing is completed, the processing proceeds to step S110. In step S110, the home server 51 inputs the received delivery key K_(d) to the encryption processing section 65. In the encryption processing section 65, the home server 51 decrypts the received delivery key K_(d) using a temporary key K_(temp) by the decryption unit 111 of the encryption/decryption module 96, stores (updates) the delivery key K_(d) in the storage module 92, and deletes charge information held in the storage module 92 (this makes settlement completed).

In step S103, if it is decided that registration of an apparatus having the received ID is impossible, the processing proceeds to step S11, where the user management section 18 of the electronic distribution service center 1 prepares registration information indicating that registration is rejected, and the processing proceeds to step S112. In step S112, which is different from step S107, only registration information is transmitted to the home server 51.

In step S109, if verification of a signature included in the registration information has failed, or if “registration possible” is not written in an item of “registration” (e.g., charge processing failed—purchase processing not available, registration rejected—functions of the encryption processing section including processing such as reproduction stopped, transaction temporarily stopped—charge processing successful, but purchase is stopped due to some reason, etc. are possible) included in the registration information, the processing proceeds to step S113, and a predetermined error processing is performed.

In this way, the home server 51 updates registration information, at the same time, transmits charge information to the electronic distribution service center 1, and receives supply of a delivery key K_(d) in return.

FIGS. 63 and 64 illustrate flow charts describing processing for settlement, update of registration information, and update of a delivery key K_(d). In step S120, the mutual authentication module 94 of the home server 51 and a mutual authentication module (not shown) of a fixed apparatus mutually authenticate. Since mutual authentication processing is the same as the processing described in FIG. 52, its description is omitted. Further, as described in the mutual authentication processing, since the home server 51 and the fixed apparatus 52 mutually exchange certificates, it is assumed that they know each other's IDs. In step S121, the upper controller 62 of the home server 51 reads out registration information of the mass storage section 68, and causes the encryption processing section 65 to inspect the information. The encryption processing section 65 having received the registration information from the upper controller 62 verifies a signature in the registration information, decides if the ID of the fixed apparatus exists, and if the ID of the fixed apparatus exists in the registration information, the processing proceeds to step S122.

In step S122, the encryption processing section 65 decides whether or not the ID of the fixed apparatus 52 is registered in the registration information, and if the ID of the fixed apparatus 52 is registered, the processing proceeds to step S123. In step S123, the encryption processing section 73 of the fixed apparatus 52 reads out charge information stored in the storage module, and encrypts the information in the encryption unit using a temporary key K_(temp). In addition, the encryption processing section 73 generates a signature corresponding to the charge information in the signature generation unit. Since the generation of a signature was described in FIG. 10, its description is omitted. The upper controller 72 having received the charge information encrypted by the temporary key K_(temp) and its signature reads out a corresponding handling policy and price information from the small storage section 75, if necessary, and transmits the charge information encrypted by the temporary key K_(temp) and its signature, as well as the handling policy and the price information corresponding to the charge information, if necessary, to the home server 51.

The home server 51 having received the data stores the handling policy and the price information, if received, in the mass storage section 68, and at the same time, inputs the charge information encrypted by the temporary key K_(temp) and its signature in the encryption processing section 65. The encryption processing section 65 having received the charge information encrypted by the temporary key K_(temp) and its signature verifies the signature for the charge information encrypted by the temporary key K_(temp) by the signature verification unit 115 of the encryption/decryption module 96. Since the verification of a signature is the same as the processing described in FIG. 11, its details are omitted. Then, the decryption unit 111 of the encryption/decryption module 96 decrypts the charge information encrypted by the temporary key K_(temp).

In step S124, the home server 51 mutually authenticates with the mutual authentication section 17 of the electronic distribution service center 1, and shares a temporary key K_(temp2). In step S125, the home server 51 encrypts the charge information transmitted from the fixed apparatus 52 by the encryption unit 112 of the encryption/decryption module 96 using the temporary key K_(temp2). At this moment, the home server 51 may encrypt the charge information of the home server 51 as well. In addition, the home server 51 generates a signature corresponding to the charge information encrypted by the temporary key K_(temp2) by the signature generation unit 114 of the encryption/decryption module 96. The upper controller 62 having received the charge information encrypted by the temporary key K_(temp2) and its signature reads out a handling policy, price information and registration information from the mass storage section 68, if necessary, and transmits the charge information encrypted by the temporary key K_(temp2) and its signature, as well as the handling policy, the price information and the registration information, if necessary, to the user management section 18 of the electronic distribution service center 1.

In step S126, the user management section 18 of the electronic distribution service center 1 searches the user registration database. In step S127, the user management section 18 decides whether or not the home server 51 and the fixed apparatus 52 are registered as registrable in the item “registration” in the user registration database, and if it is decided that they are registered, the processing proceeds to step S128. In step S128, the user management section 18 of the electronic distribution service center 1 verifies a signature for the charge information encrypted by the temporary key K_(temp2), and decrypts the charge information by the temporary key K_(temp2). Then, the user management section 18 transmits the charge information, as well as the handling policy and the price information, if received, to the history data management section 15. The history data management section 15 having received the charge information, as well as the handling policy and the price information, if received, manages and stores the data.

In step S129, the user management section 18 of the electronic distribution service center 1 updates the user registration database (charge data receipt date and time, issue date and time of registration information, date and time of a delivery key, etc.). In step S130, the user management section 18 of the electronic distribution service center 1 prepares registration information (e.g., an example of FIG. 8). In step S131, the user management section 18 of the electronic distribution service center 1 encrypts the delivery key K_(d) received from the key server 14 of the electronic distribution service center 1 by the temporary key K_(temp2), and generates a signature for the delivery key K_(d) encrypted by the temporary key K_(temp2). Then, the user management section 18 transmits the delivery key K_(d) encrypted by the temporary key K_(temp2) and the signature for the delivery key K_(d) encrypted by the temporary key K_(temp2).

In step S132, the home server 51 receives the registration information, the delivery key K_(d) encrypted by the temporary key K_(temp2) and the signature for the delivery key K_(d) encrypted by the temporary key K_(temp2). The upper controller 62 of the home server 51 inputs the delivery key K_(d) encrypted by the temporary key K_(temp2) and the signature for the delivery key K_(d) encrypted by the temporary key K_(temp2) in the encryption processing section 65. In the encryption processing section 65, the signature verification unit 115 of the encryption/decryption module 96 verifies the signature for the delivery key K_(d) encrypted by the temporary key K_(temp2), the decryption unit 111 of the encryption/decryption module 96 decrypts the delivery key K_(d) using the temporary key K_(temp2), and the encryption unit 112 of the encryption/decryption module 96 re-encrypts the decrypted delivery key K_(d) using the temporary key K_(temp) shared with the fixed apparatus 52. Finally, the signature generation unit 114 of the encryption/decryption module 96 generates a signature corresponding to the delivery key K_(d) encrypted using the temporary key K_(temp), and returns the delivery key K_(d) encrypted by the temporary key K_(temp) and the signature for the delivery key K_(d) encrypted by the temporary key K_(temp). The upper controller 62 having received the delivery key K_(d) encrypted by the temporary key K_(temp) and the signature for the delivery key K_(d) encrypted by the temporary key K_(temp) transmits them to the fixed apparatus 52 together with the registration information transmitted from the electronic distribution service center 1.

In step S133, the upper controller 72 of the fixed apparatus 52 overwrites and stores the received registration information in the small storage section 75. In step S134, the encryption processing section 73 of the fixed apparatus 52 verifies a signature of the received registration information, decides whether or not the item with respect to “registration” in the ID of the fixed apparatus 52 is marked “registration possible,” and if it is marked “registration possible,” the processing proceeds to step S135. In step S135, the upper controller of the fixed apparatus 52 inputs the delivery key K_(d) encrypted by the temporary key K_(temp) and the signature for the delivery key K_(d) encrypted by the temporary key K_(temp) in the encryption processing section 73. The encryption processing section 73 verifies the signature for the delivery key K_(d) encrypted by the temporary key K_(temp), decrypts the delivery key K_(d) using the temporary key K_(temp), updates the delivery key K_(d) in the storage module of the encryption processing section 73, and at the same time, deletes the charge information (further, in some cases, the charge information is not deleted, but is given a mark indicating that it is settled).

In step S121, if the ID of the fixed apparatus 52 is not included in the registration information, the processing proceeds to step S136, the registration information addition processing described in FIG. 60 is started, and the processing proceeds to step S123.

In step S127, if the ID of the home server 51 and the ID of the fixed apparatus 52 are not marked “registration possible” with respect to the item “registration” in the user registration database, the processing proceeds to step S137. Since step S137 is the same as step S130, its details are omitted. In step S138, the user management section 18 of the electronic distribution service center 1 transmits the registration information to the home server 51. In step S139, the home server 51 transmits the registration information to the fixed apparatus 52.

If, in step S122, the item “registration” with respect to the ID of the fixed apparatus 52 in the registration information is not marked “registration possible,” or if, in step S134, the item “registration” with respect to the ID of the fixed apparatus 52 in the registration information is not marked “registration possible,” the processing ends.

Further, although processing on behalf of the network according to this system is described only for the fixed apparatus 52, all pieces of charge information of all the apparatuses connected to the home server 51 and of the home server 51 itself may be collected and processed together. Then, registration information and delivery keys K_(d) of all the apparatuses are updated. (In this embodiment, received registration information and a delivery key K_(d) are not checked at all in the home server 51. If processing of the home server 51 itself is performed together, they should be checked and updated.)

Processing in which the content provider 2 transmits a content provider secure container to the service provider 3, which corresponds to step S43 of FIG. 56, will be described with reference to a flow chart of FIG. 65. In step S140, the electronic watermark adding section 32 of the content provider 2 inserts predetermined data indicating the content provider 2, for example, a content provider ID, in the contents read out from the content server 31 in the form of an electronic watermark, and supplies them to the compression section 33. In step S141, the compression section 33 of the content provider 2 compresses the contents in which the electronic watermark is inserted by a predetermined method such as ATRAC, and supplies them to the content encryption section 34. In step S142, the content key generation section 35 generates a key to be used as a content key K_(co), and supplies it to the content encryption section 34 and the content key encryption section 36. In step S143, the content encryption section 34 of the content provider 2 encrypts the compressed contents in which the electronic watermark is inserted by a predetermined method such as DES using the content key K_(co).

In step S144, the content key encryption section 36 encrypts the content key K_(co) with the individual key K_(i) supplied from the electronic distribution service center 1 by the processing of step S40 of FIG. 56 by a predetermined method such as DES. In step S145, the handling policy generation section 37 provides for a handling policy of the contents, and generates a handling policy indicated in FIGS. 33 and 34. In step S146, the signature generation section 38 of the content provider 2 generates signatures for the encrypted contents, the encrypted content key K_(co), the encrypted individual key K_(i), and the handling policy supplied from the handling policy generation section 37. Since the generation of a signature was described with reference to FIG. 10, its description is omitted here. In step S147, the content provider 2 transmits the encrypted contents and its signature, the encrypted content key K_(co) and its signature, the encrypted individual key K_(i) and its signature, the handling policy and its signature (these four data with signatures will be hereinafter referred to as a content provider secure container), and the certificate of the content provider 2 obtained from the authentication station in advance to the service provider 3 using a transmission section (not shown).

As described above, the content provider 2 transmits the content provider secure container to the service provider 3.

Processing in which the service provider 3 transmits a service provider secure container to the home server 51 will now be described with reference to a flow chart of FIG. 66. Further, description is made assuming that the service provider 3 stores the data transmitted from the content provider 2 in the content server 41 in advance. In step S150, the certificate verification section 42 of the service provider 3 reads out the certificate of the content provider 2 from the content server 41, and verifies the signature in the certificate. Since the verification of a signature is the same as the method described with reference to FIG. 11, its details are omitted. If there is no tampering in the certificate, the public key K_(pcp) of the content provider 2 is taken out.

In step S151, the signature verification section 43 of the service provider 3 verifies the signature of the content provider secure container transmitted from the transmission section of the content provider 2 with the public key K_(pcp) of the content provider 2. (In some cases, only the signature of the handling policy is verified.) If the verification of the signature fails and tampering is found, the processing is terminated. Further, since the verification of a signature is the same as the method described with reference to FIG. 11, its details are omitted.

If there is no tampering in the content provider secure container, in step S152, the pricing section 44 of the service provider 3 prepares price information described in FIGS. 37 and 38 based on the handling policy. In step S153, the signature generation section 45 of the service provider 3 generates a signature corresponding to the price information, and prepares a service provider secure container by combining the content provider secure container, the price information and the signature of the price information.

In step S154, the transmission section (not shown) of the service provider 3 transmits the certificate of the service provider 3, the certificate of the content provider 2 and the service provider secure container to the transmission section 61 of the home server 51, and completes the processing.

In this way, the service provider 3 transmits the service provider secure container to the home server 51.

Details of the purchase processing of the home server 51 after receiving the proper service provider secure container, corresponding to step S45 of FIG. 56, will be described with reference to the flow chart of FIG. 67. After the home server executes the registration information update processing described above with reference to FIGS. 61 and 62 in step S161, in step S162, the upper controller 62 of the home server 51 inputs the registration information read out from the mass storage section 68 of the home server 51 in the encryption processing section 65 of the home server 51. After verifying the signature of the registration information by the signature verification unit 115 of the encryption/decryption module 96, the encryption processing section 65 having received the registration information decides if the item “purchase processing” for the ID of the home server 51 is marked “purchase possible,” and at the same time, inspects if the item of registration is marked “registration possible,” and in case of “purchase possible” and “registration possible,” the processing proceeds to step S163. Further, the signature verification and inspection of “registration possible” and “purchase possible” may be performed in the registration information inspection module 93. In step S163, the upper controller 62 of the home server 51 inputs the public key certificate of the content provider 2 read out from the mass storage section 68 of the home server 51 in the encryption processing section 65 of the home server 51.

After verifying the signature of the certificate of the content provider 2 by the signature verification unit 115 of the encryption/decryption module 96, the encryption processing section 65 having received the public key certificate of the content provider 2 takes out the public key of the content provider 2 from the public key certificate. If it is confirmed that there is no tampering as a result of the verification of the signature, the processing proceeds to step S164. In step S164, the upper controller 62 of the home server 51 inputs the contents read out from the mass storage section 68 of the home server 51 in the encryption processing section 65 of the home server 51. The encryption processing section 65 having received the contents verifies the signature of the contents by the signature verification unit 115 of the encryption/decryption module 96, and if it is confirmed that there is no tampering, the processing proceeds to step S165. In step S165, the upper controller 62 of the home server 51 inputs the content key K_(co) read out from the mass storage section 68 of the home server 51 in the encryption processing section 65 of the home server 51.

The encryption processing section 65 having received the content key K_(co) verifies the signature of the content key K_(co) by the signature verification unit 115 of the encryption/decryption module 96, and if it is confirmed that there is no tampering, the processing proceeds to step S166. In step S166, the upper controller 62 of the home server 51 inputs the individual key K_(i) read out from the mass storage section 68 of the home server 51 in the encryption processing section 65 of the home server 51. The encryption processing section 65 having received the individual key K_(i) verifies the signature of the individual key K_(i) by the signature verification unit 115 of the encryption/decryption module 96, and if it is confirmed that there is no tampering, the processing proceeds to step S167.

In step S167, the upper controller 62 of the home server 51 inputs the handling policy read out from the mass storage section 68 of the home server 51 in the encryption processing section 65 of the home server 51. The encryption processing section 65 having received the handling policy verifies the signature of the handling policy by the signature verification unit 115 of the encryption/decryption module 96, and if it is confirmed that there is no tampering, the processing proceeds to step S168. In step S168, the upper controller 62 of the home server 51 inputs the public key certificate of the service provider 3 read out from the mass storage section 68 of the home server 51 in the encryption processing section 65 of the home server 51.

After verifying the signature of the certificate of the service provider 3 by the signature verification unit 115 of the encryption/decryption module 96, the encryption processing section 65 having received the public key certificate of the service provider 3 takes out the public key of the service provider 3 from the public key certificate. If it is confirmed that there is no tampering as a result of the verification of the signature, the processing proceeds to step S169. In step S169, the upper controller 62 of the home server 51 inputs the price information read out from the mass storage section 68 of the home server 51 in the encryption processing section 65 of the home server 51. The encryption processing section 65 having received the price information verifies the signature of the price information by the signature verification unit 115 of the encryption/decryption module 96, and if it is confirmed that there is no tampering, the processing proceeds to step S170.

In step S170, the upper controller 62 of the home server 51 displays information of purchasable contents (e.g., a purchasable utilization form, a price, or the like) using the displaying means 64, and a user selects a purchase item using the inputting means 63. A signal inputted from the inputting means 63 is transmitted to the upper controller 62 of the home server 51, and the upper controller 62 generates a purchase command based on the signal and inputs the purchase command in the encryption processing section 65 of the home server 51. Further, the input processing may be performed upon starting the purchase processing. The encryption processing section 65 having received this generates charge information and license conditions information from the handling policy inputted in step S167 and the price information inputted in step S169. Since the charge was described in FIG. 42, its details are omitted. Since the license conditions information was described in FIG. 41, its details are omitted.

In step S171, the control section 91 of the encryption processing section 65 stores the charge information generated in step S170 in the storage module 92. In step S172, the control section 91 of the encryption processing section 65 transmits the license conditions information generated in step S170 to the external memory control section 97 of the encryption processing section 65. After checking the external memory 67 for tampering, the external memory control section 97 having received the license conditions information writes the license conditions information in the external memory 67. The tamper check in writing the license conditions information will be described later with reference to FIG. 69. In step S173, the control section 91 of the encryption processing section 65 decrypts the individual key K_(i) inputted in step S166 by the decryption unit 111 of the encryption/decryption module 96 using the delivery key K_(d) supplied from the storage module 92. Then, the control section 91 of the encryption processing section 65 decrypts the content key K_(co) inputted in step S165 by the decryption unit 111 of the encryption/decryption module 96 using the previously decrypted individual key K_(i). Finally, the control section 91 of the encryption processing section 65 decrypts the content key K_(co) by the decryption unit 112 of the encryption/decryption module 96 using the save key K_(save) supplied from the storage module 92. In step S174, the content key K_(co) encrypted by the save key K_(save) is stored in the external memory 67 via the external memory control section 97 of the encryption processing section 65.

If it is determined that the home server 51 is an apparatus that cannot perform purchase processing in step S162, if it is determined that the signature of the public key certificate of the content provider 2 is not correct in step S163, if it is determined that the signature of the contents encrypted by the content key K_(co) is not correct in step S164, if it is determined that the signature of the individual key K_(i) encrypted by the delivery key K_(d) is not correct, if it is determined that the signature of the handling policy is not correct in step S167, if it is determined that the signature of the certificate of the service provider 3 is not correct in step S168, or if it is determined that the signature of the price information is not correct in step S169, the processing proceeds to step S176, where the home server 51 performs error processing. Further, only a signature for the content key K_(co) and the individual key K_(i) may be verified by uniting the processing of step S165 and step S166.

As described above, the home server 51 stores the charge information in the storage module 92, and at the same time, after decrypting the content key K_(co) by the individual key K_(i), encrypts the content key K_(co) by the save key K_(save) and causes the external memory 67 to store it.

The fixed apparatus 52 also stores the charge information in the storage module of the encryption processing section 73 by similar processing, and at the same time, decrypts the content key K_(co) by the individual key K_(i), encrypts the content key K_(co) by the save key K_(save2) (which is different from the key of the home server 51), and causes the external memory 79 to store it.

FIG. 68 is a flow chart describing a method of tamper check that the external memory control section 97 of the encryption processing section 65 performs when reading out data from the external memory 67. In step S180 of FIG. 68, the external memory control section 97 of the encryption processing section 65 retrieves a position of data to be read out from the external memory 67 (e.g., first data of the first block of FIG. 16). In step S181, the external memory control section 97 of the encryption processing section 65 calculates a hash value (a hash value of the entire first block of FIG. 16) with respect to all data in an identical block including data that is planned to be read out in the external memory 67. At this moment, data other than the data that is planned to be read out (e.g., a content key 1 and license conditions information 1) is destroyed after being used for the hash value calculation. In step S182, the hash value calculated in step S181 and a hash value (ICV₁) stored in the storage module 92 of the encryption processing section 65 are compared. If the hash values coincide, the external memory control section 97 transmits the data read out in step S181 to the control section 91, and if the hash values do not coincide, the processing proceeds to step S183, where the external memory control section 97 prohibits writing thereafter, assuming that the memory block has been tampered with (wrong block). For example, given that the external memory is a flash memory of 4 MB, it is assumed that the memory is divided into 64 blocks. Therefore, 64 hash values are stored in the storage module. In case of reading out data, the location of the data is first retrieved, and a hash value with respect to all data in an identical block including the data is calculated. Tampering is checked by determining whether or not the hash value coincides with the hash value corresponding to the block in the storage module (see FIG. 16).

In this way, the external memory control section 97 of the encryption processing section 65 performs tamper check of the external memory 67, and reads out data.

FIG. 69 is a flow chart describing a method of tamper check that the external memory control section 97 of the encryption processing section 65 performs when writing data in the external memory 67. In step S190A of FIG. 69, the external memory control section 97 of the encryption processing section 65 retrieves a location in the external memory 67 in which data can be written. In step S191A, the external memory control section 97 of the encryption processing section 65 determines whether or not there is a vacant area in the external memory 67, and if it is determined that there is a vacant area, the processing proceeds to step S192A. In step S193A, the external memory control section 97 compares the hash value calculated in step S192A and the hash value stored in the storage module 92 of the encryption processing section 65, and if the hash values coincide, the processing proceeds to step S194A. In step S194A, the external memory control section 97 writes data in a region in which data is planned to be written. In step S195A, the external memory control section 97 of the encryption processing section 65 recalculates a hash value with respect to all data in the data block in which the data is written. In step S196A, the control section 91 updates the hash value in the storage module 92 of the encryption processing section 65 to the hash value calculated in step S195A.

In step S193A, if the calculated hash value is different from the hash value in the storage module 92, the control section 91 regards the memory block as a wrong block (e.g., changes the hash value to a value indicating a wrong block), and the processing proceeds to step S190A.

If it is determined that there is no vacant area in the external memory 67 in step S191A, the processing proceeds to step S198A, and in step S198A, the external memory control section 97 returns a writing error to the control section 91, and terminates the processing.

In a method by which the external memory control section 97 renews (updates) data in the external memory 67, as shown in FIG. 70, the external memory control section 97 of the encryption processing section 65 retrieves a location at which data in the external memory 67 is to be renewed. In step S192B, the external memory control section 97 of the encryption processing section 65 calculates a hash value with respect to all data in a data block that is planned to be renewed. In step S193B, the external memory control section 97 compares the hash value calculated in step S192B and the hash value stored in the storage module 92 of the encryption processing section 65, and if the hash values coincide, the processing proceeds to step S194B. In step S194B, the external memory control section 97 renews data in a region that is planned to be renewed. In step S195B, the external memory control section 97 of the encryption processing section 65 calculates a hash value with respect to all data in the data block to which the data is written. In step S196B, the control section 91 updates the hash value in the storage module 92 of the encryption processing section 65 to the hash value calculated in step S195B.

In step S193B, if the calculated hash value is different from the hash value in the storage module 92, the control section 91 regards the memory block as a wrong block (e.g., changes the hash value to a value indicating a wrong block), and considers that the renewal has failed.

A method for deleting data of the external memory 79 will be described with reference to FIG. 71. In step S190C, the external memory control section of the encryption processing section 73 retrieves a location in which data of the external memory 79 will be deleted. In step S192C, the external memory control section of the encryption processing section 73 calculates a hash value with respect to all data in a data block that is planned to be deleted. In step S193C, the external memory control section compares the hash value calculated in step S192C and the hash value stored in the storage module (not shown) of the encryption processing section 73, and if the hash values coincide, the processing proceeds to step S194C. In step S194C, the external memory control section deletes data that is planned to be deleted in the region that is planned to be deleted. In step S195C, the external memory control section of the encryption processing section 73 recalculates a hash value with respect to all the data in the data block in which the data that is planned to be deleted is deleted. In step S196C, the encryption processing section 73 updates the hash value in the storage module to the hash value calculated in step S195C.

In step S193C, if the calculated hash value is different from the hash value in the storage module, the encryption processing section 73 regards the memory block as a wrong block (e.g., changes the hash value to a value indicating a wrong block), and considers that the deletion has failed.
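The read, write, renew and delete checks of FIGS. 68 to 71 can be sketched as one controller. This is an added example, not code from the patent; SHA-256 as the hash, the slot layout, the all-zero "vacant" convention and every class and function name are assumptions.

```python
import hashlib
import hmac

BLOCK_COUNT = 64          # from the text: a 4 MB flash divided into 64 blocks
SLOTS = 4                 # assumption: records per block
SLOT_SIZE = 32            # assumption: bytes per record
EMPTY = bytes(SLOT_SIZE)  # assumption: an all-zero slot counts as vacant


class TamperError(Exception):
    """Block hash differs from the ICV held in the storage module."""


class WriteError(Exception):
    """No vacant slot left in any block that is still trusted (S198A)."""


def block_hash(block):
    # Assumption: SHA-256 stands in for the hash function, which the text does not name.
    return hashlib.sha256(bytes(block)).digest()


class ExternalMemoryController:
    def __init__(self):
        # Untrusted external memory; an attacker may rewrite any byte of it.
        self.external = [bytearray(SLOTS * SLOT_SIZE) for _ in range(BLOCK_COUNT)]
        # Trusted storage module: one ICV per block. None marks a wrong block.
        self.icv = [block_hash(b) for b in self.external]

    def _verified(self, b):
        """Snapshot block b, hash all of it, compare with the ICV (S181/S182)."""
        snapshot = bytes(self.external[b])
        stored = self.icv[b]
        if stored is None or not hmac.compare_digest(block_hash(snapshot), stored):
            self.icv[b] = None  # S183: treat as a wrong block from now on
            raise TamperError(f"block {b} failed its integrity check")
        return snapshot

    def _commit(self, b, snapshot, s, data):
        """Change one slot of a verified snapshot, then refresh the ICV (S194 to S196)."""
        start = s * SLOT_SIZE
        updated = snapshot[:start] + data + snapshot[start + SLOT_SIZE:]
        self.external[b][:] = updated
        self.icv[b] = block_hash(updated)

    def read(self, b, s):
        snapshot = self._verified(b)
        # Only the requested record leaves the controller; the rest is dropped.
        return snapshot[s * SLOT_SIZE:(s + 1) * SLOT_SIZE]

    def write(self, data):
        if len(data) != SLOT_SIZE or data == EMPTY:
            raise ValueError("record must be SLOT_SIZE bytes and not all zero")
        for b in range(BLOCK_COUNT):
            if self.icv[b] is None:
                continue  # wrong block: never written again
            raw = self.external[b]
            vacant = [s for s in range(SLOTS)
                      if raw[s * SLOT_SIZE:(s + 1) * SLOT_SIZE] == EMPTY]
            if not vacant:
                continue
            try:
                snapshot = self._verified(b)
            except TamperError:
                continue  # S193A mismatch: back to the search in S190A
            self._commit(b, snapshot, vacant[0], data)
            return b, vacant[0]
        raise WriteError("no vacant area in external memory")

    def renew(self, b, s, data):
        if len(data) != SLOT_SIZE:
            raise ValueError("record must be SLOT_SIZE bytes")
        # A TamperError here means the renewal failed and the block is now wrong.
        self._commit(b, self._verified(b), s, data)

    def delete(self, b, s):
        self.renew(b, s, EMPTY)
```

Because the hash covers the whole block, changing any neighbouring record invalidates every record in that block, which is why a single flipped bit costs the device all the content keys stored alongside it.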

Details of processing in which the home server 51 reproduces contents, corresponding to step S46 of FIG. 56, will be described with reference to flow charts of FIGS. 72 and 73. In step S200, the upper controller 62 of the home server 51 inputs an ID corresponding to contents that the upper controller 62 is instructed by the inputting means 63 of the home server 51 to reproduce in the encryption processing section 65 of the home server 51. In step S201, the control section 91 of the encryption processing section 65 that has received the ID of the contents to be reproduced transmits the content ID to the external memory control section 97 of the encryption processing section 65, and causes the external memory control section 97 to retrieve a content key K_(co) and license conditions information corresponding to the content ID. At this moment, the control section 91 confirms that the license conditions information represents a right that allows reproduction. In step S202, the external memory control section 97 of the encryption processing section 65 calculates a hash value of a data block including the content key K_(co) and the license conditions information, and transmits the hash value to the control section 91 of the encryption processing section 65. In step S203, the control section 91 of the encryption processing section 65 determines whether or not the hash value stored in the storage module 92 of the encryption processing section 65 and the hash value received in step S202 coincide, and if the hash values coincide, the processing proceeds to step S204.

In step S204, the control section 91 of the encryption processing section 65 updates the license conditions information, if necessary. For example, if a utilization right in the license conditions information is a commutation ticket, the control section 91 performs processing such as subtracting from the number of times. Therefore, in the case of a buy only right or the like that does not need to be updated, the processing jumps to step S208 (not shown). In step S205, the external memory control section 97 rewrites the updated license conditions information transmitted from the control section 91 to the external memory 67 and updates it. In step S206, the external memory control section 97 recalculates a hash value with respect to all the data in the rewritten data block, and transmits it to the control section 91 of the encryption processing section 65. In step S207, the control section 91 of the encryption processing section 65 rewrites the hash value stored in the storage module 92 of the encryption processing section 65 to the hash value calculated in step S206.

In step S208, the encryption processing section 65 and the extension section 66 mutually authenticate, and share the temporary key K_(temp). Since the mutual authentication processing was described with reference to FIG. 51, its details are omitted. In step S209, the decryption unit 111 of the encryption/decryption module 96 decrypts the content key K_(co) read out from the external memory 97 by the save key K_(save) supplied from the storage module 92. In step S210, the encryption unit 112 of the encryption/decryption module 96 re-encrypts the content key K_(co) by the temporary key K_(temp) previously shared with the extension section 66. In step S211, the control section 91 of the encryption processing section 65 transmits the content key K_(co) encrypted by the temporary key K_(temp) to the extension section 66 via the upper controller 62.

In step S212, the key decryption module 102 of the extension section 66 decrypts the content key K_(co) by the temporary key K_(temp) supplied from the mutual authentication module 101. In step S213, the upper controller 62 reads out contents from the mass storage section 68, and supplies them to the extension section 66. The encryption module 103 of the extension section 66 having received the contents decrypts the contents using the content key K_(co) supplied from the key decryption module 102. In step S214, the extension module 104 of the extension section 66 extends the contents with a predetermined method, for example, such a method as ATRAC. In step S215, the electronic watermark addition module 105 inserts the data instructed by the encryption processing section 65 in the contents in the form of a watermark (the data handed to the extension section from the encryption processing section is not limited to the content key K_(co), but includes reproduction conditions (an analogue output, a digital output, an output with copy control signal (SCMS)), an apparatus ID that purchased the content utilization right and the like). Data to be inserted is an ID of an apparatus that purchased the content utilization right (i.e., an apparatus ID in the license conditions information) or the like. In step S216, the extension section 66 reproduces music via a speaker (not shown).

In this way, the home server 51 reproduces contents.
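The hash check that guards deletion (steps S190C to S196C) and the license update during reproduction (steps S202 to S207) follow the same verify, modify, re-hash pattern. The Python sketch below is an added illustration, not code from the patent: SHA-256, the JSON license record with its `remaining_plays` field, the sentinel value and all class and function names are assumptions.

```python
import hashlib
import json

BAD_BLOCK = b"\x00" * 32  # constructed sentinel meaning "wrong block"


class TamperError(Exception):
    """External memory no longer matches the hash held in the storage module."""


def block_hash(slots):
    """Hash every slot of a block; flag and length prefixes keep slot boundaries unambiguous."""
    h = hashlib.sha256()
    for slot in slots:
        if slot is None:
            h.update(b"\x00")
        else:
            h.update(b"\x01" + len(slot).to_bytes(4, "big") + slot)
    return h.digest()


class ExternalMemoryControl:
    """Models the external memory control section (assumed structure)."""

    def __init__(self, blocks=4, slots_per_block=4):
        # Untrusted external memory: readable and writable from outside the chip.
        self.external = [[None] * slots_per_block for _ in range(blocks)]
        # Trusted storage module: one hash per block, kept inside the
        # encryption processing section.
        self.stored_hash = [block_hash(b) for b in self.external]

    def _verify(self, block):
        # Compare the recomputed hash with the trusted copy (S192C-S193C, S202-S203).
        if block_hash(self.external[block]) != self.stored_hash[block]:
            self.stored_hash[block] = BAD_BLOCK  # mark as a wrong block
            raise TamperError(f"block {block} failed its hash check")

    def _commit(self, block):
        # Recompute over the whole block and update the trusted copy (S195C-S196C, S206-S207).
        self.stored_hash[block] = block_hash(self.external[block])

    def write(self, block, slot, data):
        self._verify(block)
        self.external[block][slot] = data
        self._commit(block)

    def read(self, block, slot):
        self._verify(block)
        return self.external[block][slot]

    def delete(self, block, slot):
        self._verify(block)                 # refuse to touch a tampered block
        self.external[block][slot] = None   # S194C
        self._commit(block)

    def consume_play(self, block, slot):
        """Decrement a count-limited right, as in the S204 example; returns plays left."""
        raw = self.read(block, slot)
        if raw is None:
            raise KeyError("no license conditions information in this slot")
        lic = json.loads(raw)
        if lic["remaining_plays"] <= 0:
            raise PermissionError("utilization right exhausted")
        lic["remaining_plays"] -= 1
        self.external[block][slot] = json.dumps(lic, sort_keys=True).encode()  # S205
        self._commit(block)
        return lic["remaining_plays"]


def demo():
    """Constructed scenario: normal use, then an offline edit of external memory."""
    mc = ExternalMemoryControl()
    mc.write(0, 0, json.dumps({"content_id": "C-1", "remaining_plays": 3},
                              sort_keys=True).encode())
    left = mc.consume_play(0, 0)
    # Attacker restores a larger counter directly in external memory.
    mc.external[0][0] = b'{"content_id": "C-1", "remaining_plays": 99}'
    try:
        mc.consume_play(0, 0)
        detected = False
    except TamperError:
        detected = True
    return left, detected, mc.stored_hash[0] == BAD_BLOCK


if __name__ == "__main__":
    print(demo())
```

Because the reference hash lives only in the storage module, replaying an old copy of the block (for example, one with a higher play count) is detected just like an edit.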

FIG. 74 is a flow chart illustrating details of processing in which the home server 51 purchases a content utilization right on behalf of the fixed apparatus 52. In step S220, the home server 51 and the fixed apparatus 52 mutually authenticate. Since the mutual authentication processing is similar to the processing described in FIG. 52, its description is omitted. In step S221, the upper controller 62 of the home server 51 causes the encryption processing section 65 of the home server 51 to inspect registration information read out from the mass storage section 68 of the home server 51. The encryption processing section 65 having received the registration information from the upper controller 62 causes the signature verification unit 115 of the encryption/decryption module 96 to verify a signature attached to the registration information by a public key of the electronic distribution service center 1 supplied from the storage module 92 of the encryption processing section 65. After successful verification of the signature, the control section 91 of the encryption processing section 65 decides if an ID of the fixed apparatus is registered in the registration information and the items of “registration” and “purchase” are marked “registration possible” and “purchase possible,” and if it is decided that the item is marked “registration possible,” the processing proceeds to step S222. (Further, the fixed apparatus 52 also inspects the registration information and decides that the home server is “registration possible.”) Since steps S225 to S227 are similar to steps S160 to S171 of FIG. 67, their details are omitted.

In step S228, the control section 91 of the encryption processing section 65 decrypts the individual key K_(i) encrypted by the delivery key K_(d) inputted in step S225 by the decryption unit 111 of the encryption/decryption module 96 using the delivery key K_(d) supplied from the storage module 92. Then, the control section 91 of the encryption processing section 65 decrypts the content key K_(co) encrypted by the individual key K_(i) inputted in step S225 by the decryption unit 111 of the encryption/decryption module 96 using the individual key K_(i). Then, the control section 91 of the encryption processing section 65 re-encrypts the content key K_(co) by the encryption unit 112 of the encryption/decryption module 96 using the temporary key K_(temp) that was shared with the fixed apparatus 52 at the time of the mutual authentication of step S220. In step S229, the control section 91 of the encryption processing section 65 generates signatures using the signature generation unit 114 of the encryption/decryption module 96 with respect to the content key K_(co) encrypted by the temporary key K_(temp) and the license conditions information generated in step S226, and transmits them to the upper controller 62. The upper controller 62 of the home server 51 having received the content key K_(co) encrypted by the temporary key K_(temp), the license conditions information and their signatures reads out the contents (including a signature; hereinafter the same) encrypted by the content key K_(co) from the mass storage section 68, and transmits the content key K_(co) encrypted by the temporary key K_(temp), the license conditions information, their signatures and the contents encrypted by the content key K_(co) to the fixed apparatus 52.

In step S230, the fixed apparatus 52 having received the content key K_(co) encrypted by the temporary key K_(temp), the license conditions information, their signatures and the contents encrypted by the content key K_(co) outputs the contents encrypted by the content key K_(co) to the record reproduction section 76 after verifying the signature. The record reproduction section 76 of the fixed apparatus 52 having received the contents encrypted by the content key K_(co) stores the contents encrypted by the content key K_(co) in the recording medium 80.

In step S231, the encryption processing section 73 of the fixed apparatus 52 decrypts the content key K_(co) encrypted by the temporary key K_(temp) by the decryption unit of the encryption/decryption module using the temporary key K_(temp) that was shared with the home server 51 at the time of the mutual authentication in step S220. Then, the control section of the encryption processing section 73 re-encrypts the content key K_(co) by the encryption unit of the encryption/decryption module using the save key K_(save2) supplied from the storage module of the encryption processing section 73.

In step S232, the encryption processing section 73 of the fixed apparatus 52 transmits the content key K_(co) encrypted by the save key K_(save2) and the license conditions information received in step S230 to the external memory control section of the encryption processing section 73, and causes the external memory 79 to save them. Since processing in which the external memory control section writes data in the external memory was described in FIG. 69, details are omitted.

In this way, the home server 51 purchases a content utilization right, charge information is stored on the home server 51 side, and a utilization right is transferred to the fixed apparatus 52.

FIG. 75 is a flow chart illustrating processing for changing a purchased content utilization right to another utilization form to purchase it. Since steps S240 to S245 are similar to the processing described in FIG. 67, their description is omitted. In step S246, the encryption processing section 65 of the home server 51 causes the external memory control section 97 of the encryption processing section 65 to read out license conditions information of contents whose utilization right is changed. Since reading out of data from the external memory 67 was described with reference to FIG. 68, its details are omitted. If the license conditions information is correctly read out in step S246, the processing proceeds to step S247.

In step S247, the upper controller 62 of the home server 51 displays information of content whose utilization right contents can be changed (e.g., a utilization form or a price whose utilization right contents can be changed) using the display means 64, and a user selects utilization right contents update conditions using the inputting means 63. The signal inputted from the inputting means 63 is transmitted to the upper controller 62 of the home server 51, and the upper controller 62 generates a utilization right contents change command based on the signal and inputs the utilization right contents change command in the encryption processing section 65 of the home server 51. The encryption processing section 65 having received this generates charge information and new license conditions information from the handling policy received in step S243, the price information received in step S245 and the license conditions information read out in step S247.

Since step S248 is similar to step S171 of FIG. 67, its detailed description is omitted. In step S249, the control section 91 of the encryption processing section 65 outputs the license conditions information generated in step S247 to the external memory control section 97 of the encryption processing section 65. The external memory control section 97 overwrites the received license conditions information in the external memory 67 and updates it. Since the method by which the external memory control section 97 rewrites (updates) the external memory 67 was described in FIG. 70, its details are omitted.

In step S246, if license conditions information corresponding to the content ID attached to the right contents change command was not found in the external memory 67, or if tampering was found in a storage block of the external memory in which the license conditions information is stored (which has been described with reference to FIG. 68), the processing proceeds to step S251, and predetermined error processing is performed.

In this way, the home server 51 can purchase a new right using an already purchased right (described in the license conditions information), a handling policy and price information, and change utilization right contents.

FIGS. 76 and 77 illustrate concrete examples of a rule portion of a handling policy and price information. In FIG. 76, the handling policy is composed of a rule number attached to each utilization right as a serial number, a utilization contents number indicating utilization right contents, its parameter, a minimum sales price, and a profit ratio of a content provider, in which, for example, five rules are written. Since a rule 1 has a utilization right contents number 1 as a right item, it is seen from FIG. 44 that the right is a right without a reproduction right, time and number of times limitations. In addition, it is seen that there is no specific description in the item of a parameter. The minimum sales price is ¥350, and a share of the content provider 2 is 30% of the price. Since a rule 2 has a utilization right contents number 2 as the right item, it is seen from FIG. 44 that the right is a right with a reproduction right and time limitation and without number of times limitation. In addition, it is seen from the item of a parameter that a utilization possible period is one hour. The minimum sales price is ¥100, and the share of the content provider 2 is 30% of the price. Since a rule 3 has a utilization right contents number 6 as the right item, it is seen from FIG. 44 that the right is a right without a reproduction right (without a copy control signal), without time limitation and with number of times limitation. In addition, it is seen from the item of a parameter that the utilization possible number of times is one. The minimum sales price is ¥30, and the share of the content provider 2 is 30% of the price.

Since a rule 4 has a utilization right contents number 13 as the right item, it is seen from FIG. 44 that the right is utilization contents change. It is seen from the item of a parameter that the changeable rule number is from #2 (with a reproduction right, with time limitation and without number of times limitation) to #1 (without a reproduction right, time and number of times limitation). The minimum price is ¥200, and the share of the content provider 2 is 20% of the price. The minimum sales price is presented lower than that of the rule 1 because it is considered that an already purchased right is traded in and repurchased, and the share of the content provider 2 is presented lower than that of the rule 1 in order to increase the share of the electronic distribution service center 1 that performs actual work (since the content provider 2 has no work at the time of right contents change).

Since a rule 5 has a utilization right contents number 14 as the right item, it is seen from FIG. 44 that the right is redistribution. It is seen from the item of a parameter that the redistribution possible condition is that an apparatus having the rule number #1 (without a reproduction right, time and number of times limitation) purchases and redistributes the rule number #1 (without a reproduction right, time and number of times limitation). The minimum sales price is ¥250, and the share of the content provider 2 is 20% of the price. The minimum sales price is lower than that of the rule 1 because it is considered that an apparatus having an already purchased right repurchases identical contents, and the share of the content provider 2 is presented lower than that of the rule 1 in order to increase the share of the electronic distribution service center 1 that performs actual work (since the content provider 2 does not have work at the time of redistribution).

In FIG. 77, the price information is composed of a rule number attached to each utilization right as a serial number, a parameter and price information. Five rules are also described in this price information. A rule 1 is price information corresponding to the rule #1 of the handling policy, and indicates that a price is ¥500 and a share of the service provider 3 is 30% when the utilization contents number #1 is purchased. Therefore, out of ¥500 paid by a user, the content provider 2 takes ¥150, the service provider 3 takes ¥150, and the electronic distribution service center 1 takes ¥200. Since rules 2 to 5 are similar, their details are omitted.

Further, in rules 4 and 5, the share of the service provider 2 is smaller than that of the rule 1 because a user apparatus performs distribution work on behalf of the service provider 2, and the electronic distribution service center 1 performs collection of prices.

In addition, although the rule numbers are serial numbers from #1 to #5 in this example, this is not necessarily the case. Since a person preparing price information sets a utilization contents number and a number for each rule number, and arranges ones extracted from the numbers, the rule numbers are not generally serial numbers.

FIG. 78 illustrates a specific example when the right contents change described in FIG. 75 is performed. The handling policy is composed of a rule number attached to each utilization right as a serial number, a utilization contents number indicating utilization right contents, its parameter, a minimum sales price, and a profit ratio of a content provider; the price information is composed of a rule number attached to each utilization right as a serial number, a parameter and price information; and the license conditions information is composed of a rule number attached to each utilization right as a serial number, a utilization right contents number indicating utilization right contents, and its parameter. The home server 51 has already purchased a right with a reproduction right with the rule number #2 and time limitation, and the rule number #2 is described in the license conditions information indicating right contents, which indicates that remaining utilization possible time is thirty minutes, and accumulated two hours of purchase has been performed so far. If it is tried to change the right from with time limitation to without time limitation now, it is seen from a rule 3 of the handling policy, a rule 3 of the price information and the license conditions information that the right can be changed to without a reproduction right, time and number of times limitation with ¥200, and the license conditions information changes to without a reproduction right, time and number of times limitation of the rule number #1 and the utilization right contents number (a parameter in case of the utilization right contents number #1 will be described later). In addition, in this example, changing the right contents once after buying a right with time limitation is cheaper than directly buying a right without a reproduction right, time and number of times limitation. Thus, it is better to put a discount considering accumulated utilization time.

FIG. 79 is a flow chart illustrating details of processing in which the home server 51 purchases a content utilization right for the fixed apparatus 52 and redistributes the utilization right. Since steps S260 to S264 are similar to steps S220 to S225 of FIG. 74, their detailed description is omitted. In step S265, the encryption processing section 65 of the home server 51 causes the external memory control section 97 of the encryption processing section 65 to read out from the external memory 67 license conditions information and the content key K_(co) encrypted by the save key K_(save) corresponding to the contents that are to be redistributed. Since a method of reading out from the external memory 67 by the external memory control section 97 was described in FIG. 68, its details are omitted. If successfully read out, the processing proceeds to step S266.

In step S266, the upper controller 62 of the home server 51 displays information whose contents can be redistributed (e.g., a utilization form or a price whose contents can be redistributed) using the display means 64, and a user selects redistribution contents conditions using the inputting means 63. Further, this selection processing may be performed at the time of starting the redistribution processing in advance. The signal inputted from the inputting means 63 is transmitted to the upper controller 62 of the home server 51, and the upper controller 62 generates a redistribution command based on the signal and inputs the redistribution command in the encryption processing section 65 of the home server 51. The encryption processing section 65 having received this generates charge information and new license conditions information from the handling policy and the price information received in step S264, and the license conditions information read out in step S265.

Since step S267 is similar to step S171 of FIG. 67, its detailed description is omitted. In step S268, the control section 91 of the encryption processing section 65 decrypts the content key K_(co) encrypted by the save key K_(save) read out in step S265 by the decryption unit 111 of the encryption/decryption module 96 using the save key K_(save) supplied from the storage module 92. Then, the control section 91 of the encryption processing section 65 re-encrypts the content key K_(co) by the encryption unit 112 of the encryption/decryption module 96 using the temporary key K_(temp) that was shared at the time of mutual authentication in step S260. Finally, the signature generation unit 114 of the encryption/decryption module 96 generates signatures corresponding to the content key K_(co) encrypted by the temporary key K_(temp) and the new license conditions information generated in step S266, and returns them to the control section 91 of the encryption processing section 65.

Since processing of steps S269 to S272 is similar to steps S229 to S232 of FIG. 74, its details are omitted.

In this way, the home server 51 can perform redistribution of contents by creating new license conditions information from a utilization right (license conditions information) it owns and a handling policy, price information, and transmitting the information to the fixed apparatus 52 together with the content key K_(co) and contents it owns.

FIG. 80 is a flow chart illustrating details of processing in which the home server 51 transmits license conditions information and content key K_(co) to the fixed apparatus 52 and the fixed apparatus 52 purchases a content utilization right. In step S280, the encryption processing section 73 of the fixed apparatus 52 decides whether or not a total of charges of charge information stored in the storage module of the encryption processing section 73 has reached an upper limit, and if it has not reached the upper limit, the processing proceeds to step S281. (Further, the decision may be made by an upper limit of the number of charge processing instead of the upper limit of charges.)

In step S281, the upper controller 72 of the fixed apparatus 52 inputs the registration information read out from the small storage section 75 of the fixed apparatus 52 in the encryption processing section 73 of the fixed apparatus 52. The encryption processing section 73 having received the registration information decides if the item of “purchase processing” for the ID of the fixed apparatus 52 is marked “purchase possible” after verifying a signature of the registration information by a signature verification unit of an encryption/decryption module (not shown), and if it is “purchase possible,” the processing proceeds to step S282.

Since step S282 is similar to step S220 of FIG. 74, its details are omitted. Since step S283 is similar to step S221 of FIG. 74, its details are omitted (the home server 51 decides whether or not the fixed apparatus 52 is registered, and the fixed apparatus 52 decides whether or not the home server 51 is registered). Since step S284 is similar to step S265 of FIG. 79, its details are omitted. Since step S285 is similar to step S268 of FIG. 79, its details are omitted. In step S286, the control section 91 of the encryption processing section 65 generates signatures with respect to the content key K_(co) encrypted by the temporary key K_(temp) and the license conditions information read out in step S284 using the signature generation unit 114 of the encryption/decryption module 96, and transmits them to the upper controller 62. The upper controller 62 of the home server 51 having received the content key K_(co) encrypted by the temporary key K_(temp) and the license conditions information and their signatures reads out the contents encrypted by the content key K_(co), the handling policy and its signature, if necessary, and the price information and its signature from the mass storage section 68, and transmits the content key K_(co) encrypted by the temporary key K_(temp) and the license conditions information, the contents encrypted by the content key K_(co), the handling policy and its signature, and the price information and its signature to the fixed apparatus 52.

Since step S287 is similar to step S230 of FIG. 74, its details are omitted. Since step S288 is similar to step S225 of FIG. 74, its details are omitted. In step S289, the upper controller 72 of the fixed apparatus 52 displays information whose contents can be redistributed (e.g., a utilization form or a price whose contents can be redistributed) using the display means 78, and a user selects redistribution contents conditions using the inputting means 77. Further, this selection processing may be performed at the time of starting the redistribution processing in advance. The signal inputted from the inputting means 77 is transmitted to the upper controller 72 of the fixed apparatus 52, and the upper controller 72 generates a redistribution command based on the signal and inputs the redistribution command in the encryption processing section 73 of the fixed apparatus 52. The encryption processing section 73 having received this generates charge information and new license conditions information from the handling policy, the price information and the license conditions information received in step S286.

In step S290, the encryption processing section 73 of the fixed apparatus 52 stores the charge information generated in step S289 in a storage module (not shown) of the encryption processing section 73. In step S291, the encryption processing section 73 of the fixed apparatus 52 decrypts the content key K_(co) encrypted by the temporary key K_(temp) received in step S286 by a decryption unit (not shown) of the encryption processing section 73 using the temporary key K_(temp) shared in step S282. Then, the encryption processing section 73 of the fixed apparatus 52 encrypts the content key K_(co) by an encryption unit (not shown) of the encryption processing section 73 using the save key K_(save2) supplied from a storage module (not shown) of the encryption processing section 73.

In step S292, the encryption processing section 73 of the fixed apparatus 52 transmits the license conditions information generated in step S289 and the content key K_(co) encrypted by the save key K_(save2) generated in step S291 to an external memory control section (not shown) of the encryption processing section 73. The external memory control section having received the license conditions information and the content key K_(co) encrypted by the save key K_(save2) writes the license conditions information and the content key K_(co) encrypted by the save key K_(save2) in the external memory 79. Since the tamper check in writing was described with reference to FIG. 69, its details are omitted.

In this way, the fixed apparatus 52 can receive redistribution of contents by receiving a utilization right (license conditions information) owned by the home server 51, a handling policy, price information, a content key K_(co), and contents from the home server 51, and creating new license conditions information in the fixed apparatus 52.

FIG. 81 illustrates a managed transfer right. Managed transfer means an operation capable of transferring a reproduction right from an apparatus 1 to an apparatus 2, which is the same as normal transfer in that the right is transferred from the apparatus 1 to the apparatus 2, but is different from normal transfer in that the apparatus 2 cannot retransfer the received reproduction right (the apparatus 1 after transferring a reproduction right cannot retransfer the reproduction right, as in the normal transfer). The apparatus 2 having received the reproduction right by the managed transfer can return the reproduction right to the apparatus 1, and after the reproduction right is returned, the apparatus 1 can transfer the reproduction right again and the apparatus 2 cannot continue to transfer the reproduction right. In order to realize these, a purchaser of the managed transfer right and a current holder of the managed transfer right are managed in the license conditions information (here, it is assumed that the managed transfer can only be performed if the utilization content number #1 is held, but this can be extended to the utilization right content number #2).

In FIG. 81, since the rule 1 of the handling policy was described in FIG. 78, its details are omitted. Since a right item of the rule 2 is the utilization right content number 16, it is seen from FIG. 44 that the right is the managed transfer right. In addition, it is seen that there is no specific description in the item of a parameter. The minimum sales price is ¥100, and the share of the content provider 2 is 50% of the price. The share of the content provider 2 is presented higher than that of the rule 1 because, since the service provider 3 does not perform actual work at all, its share is transferred to the share of the content provider 2.

In FIG. 81, since the rule 1 of price information was described in FIG. 78, its details are omitted. The rule 2 is price information of the rule #2 of a handling policy, and indicates that the price is ¥100 and the share of the service provider 3 is 0% when the utilization right content number #16 is purchased. Therefore, out of ¥100 paid by a user, the content provider 2 takes ¥50, the service provider 3 takes ¥0, and the electronic distribution service center 1 takes ¥50.

In FIG. 81, the user first purchases the rule number #1 (without a reproduction right, time and number of times limitation). However, the user does not have the managed transfer right then (the state of a in FIG. 81). Then, the user purchases the managed transfer right (since these operations happen in an instant, it looks as if the user purchased all at a time). Concerning the rule number of the license conditions, an ID of an encryption processing section indicating a purchase (hereinafter referred to as a purchaser) is ID1 (e.g., an ID of the home server 51), and an ID of an encryption processing section holding the reproduction right (hereinafter referred to as a holder) is ID2 (the state of b in FIG. 81). If this is transferred to the fixed apparatus 52 by performing the managed transfer, in the rule section of the license conditions information held by the home server 51, the purchaser is still ID1, but the holder is changed to ID2. In addition, in the rule section of the license conditions information held by the fixed apparatus 52 having received the reproduction right by the managed transfer, the purchaser is ID1 and the holder is ID2, which is the same as the license conditions information of the home server 51.

FIG. 82 is a flow chart illustrating details of the transfer processing of the managed transfer right. In FIG. 82, since step S300 is similar to step S220 of FIG. 74, its details are omitted. In addition, since step S301 is similar to step S221 of FIG. 74, its details are omitted. Since step S302 is similar to step S246 of FIG. 75, its details are omitted. In step S303, the encryption processing section 65 of the home server 51 inspects the rule section of the read out license conditions information, and decides if the use right is without the reproduction right, time and number of times limitation and with the managed transfer right. If it is decided that there is the managed transfer right, the processing proceeds to step S304.

In step S304, the control section 91 of the encryption processing section 65 decides if both the purchaser and the holder of the managed transfer right are the ID of the home server 51. If it is decided that both the purchaser and the holder of the managed transfer right are the ID of the home server 51, the processing proceeds to step S305. In step S305, the control section 91 of the encryption processing section 65 rewrites the holder of the managed transfer right of the license conditions information to the ID of the fixed apparatus 52. In step S306, the control section 91 of the encryption processing section 65 outputs the license conditions information rewritten in step S305 to the external memory control section 97 of the encryption processing section 65. The external memory control section 97 of the encryption processing section 65 having received the license conditions information overwrites the license conditions information on the external memory 67. Since the method of rewriting and storing data of the external memory 67 was described in FIG. 70, its details are omitted. Since steps S307 to S311 are similar to steps S268 to S272 of FIG. 79, their details are omitted.

If the managed transfer right was not included in the license conditions information in step S303, or if the purchaser or the holder of the managed transfer right was not the home server 51 in step S304, the processing is terminated.

In this way, the right for reproducing contents can be transferred from the home server 51 to the fixed apparatus 52.

FIG. 83 is a flow chart illustrating processing for returning the managed transfer right from the fixed apparatus 52 currently holding the managed transfer right to the home server 51 that is the purchaser of the managed transfer right. In FIG. 83, since step S320 is similar to step S220 of FIG. 74, its details are omitted. Since step S321 is similar to step S221 of FIG. 74, its details are omitted, but it is inspected if the other's ID is registered in each of the home server 51 and the fixed apparatus 52. If it is decided that the IDs are registered, the processing proceeds to step S322. Since step S322 is similar to step S246 of FIG. 75, its details are omitted, but data of an identical content ID is read out in both the home server 51 and the fixed apparatus 52. If data is correctly read from the external memory, the processing proceeds to step S323. Since step S323 is similar to step S303 of FIG. 82, its details are omitted, but it is decided whether both the home server 51 and the fixed apparatus 52 have the managed transfer right. If it is decided that there is the managed transfer right, the processing proceeds to step S324.

In step S324, the encryption processing section 65 of the home server 51 decides if the purchaser of the managed transfer right is the ID of the home server 51 and the holder is the ID of the fixed apparatus 52. If it is decided that the purchaser of the managed transfer right is the ID of the home server 51 and the holder is the ID of the fixed apparatus 52, the processing proceeds to step S325. Similarly, the encryption processing section 73 of the fixed apparatus 52 decides if the purchaser of the managed transfer right is the ID of the home server 51 and the holder is the ID of the fixed apparatus 52. If it is decided that the purchaser of the managed transfer right is the ID of the home server 51 and the holder is the ID of the fixed apparatus 52, the processing proceeds to step S325.

In step S325, the record reproduction section 76 of the fixed apparatus 52 deletes contents from the recording medium 80 (however, since encrypted data simply remains, the contents need not be deleted by force). In step S326, the encryption processing section 73 of the fixed apparatus 52 causes an external memory control section (not shown) of the encryption processing section 73 to delete the content key K_(co) encrypted by the save key K_(save2) stored in the external memory 79 and the license conditions information. Since the deletion method of data of the external memory 79 was described in FIG. 71, its details are omitted.

In step S327, the control section 91 of the encryption processing section 65 generates license conditions information in which the holder of the managed transfer right of the license conditions information is set to the ID of the home server 51. In step S328, the control section 91 of the encryption processing section 65 outputs the license conditions information generated in step S327 to the external memory control section 97 of the encryption processing section 65. The external memory control section 97 of the encryption processing section 65 having received the license conditions information overwrites and stores the license conditions information in the external memory 67. Since the method for rewriting and storing in the external memory 67 was described in FIG. 70, its details are omitted.

If the registration information was tampered with or the ID of the other apparatus was not registered in the home server 51 or the fixed apparatus 52 in step S321, or if the content key or the license conditions information with respect to predetermined contents was not found in the external memory or the memory block including these was tampered with in the home server 51 or the fixed apparatus 52 in step S322, the processing proceeds to step S329 and error processing is performed.

If the managed transfer right did not exist in the license conditions information in the home server 51 or the fixed apparatus 52 in step S323, or if the purchaser was the home server 51 and the holder was not the fixed apparatus 52 in the home server 51 or the fixed apparatus 52 in step S324, the processing is terminated.

In this way, a right for reproducing contents can be returned from the fixed apparatus 52 to the home server 51.
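The purchaser/holder checks of FIG. 82 and FIG. 83 can be followed in a small state model. This is an added example, not code from the document; the class names, the device IDs, the `can_reproduce` helper and the returned strings are assumptions, and key handling and tamper checks of the external memory are left out.

```python
"""Managed transfer of a reproduction right (FIG. 82) and its return (FIG. 83).

Constructed model: device IDs, class names and return strings are assumptions.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class LicenseConditions:
    content_id: str
    managed_transfer_right: bool
    purchaser: str   # ID of the encryption processing section that purchased
    holder: str      # ID of the encryption processing section holding the right


class Apparatus:
    def __init__(self, device_id):
        self.device_id = device_id
        self.registered = set()      # IDs listed in the registration information
        self.external_memory = {}    # content_id -> LicenseConditions

    def can_reproduce(self, content_id):
        # Assumption: only the current holder may reproduce the contents.
        lic = self.external_memory.get(content_id)
        return lic is not None and lic.holder == self.device_id


def transfer(home, fixed, content_id):
    """FIG. 82: move the right from the purchaser to another apparatus."""
    # S301/S302 failure handling is assumed to mirror S321/S322 of FIG. 83.
    if fixed.device_id not in home.registered:                # S301
        return "error"
    lic = home.external_memory.get(content_id)                # S302
    if lic is None:
        return "error"
    if not lic.managed_transfer_right:                        # S303
        return "terminated"
    if not (lic.purchaser == home.device_id == lic.holder):   # S304
        return "terminated"
    moved = replace(lic, holder=fixed.device_id)              # S305
    home.external_memory[content_id] = moved                  # S306
    fixed.external_memory[content_id] = moved                 # S307-S311: receiver stores its copy
    return "transferred"


def give_back(home, fixed, content_id):
    """FIG. 83: return the right from the holder to the purchaser."""
    if (fixed.device_id not in home.registered
            or home.device_id not in fixed.registered):       # S321 -> S329
        return "error"
    h = home.external_memory.get(content_id)                  # S322 -> S329
    f = fixed.external_memory.get(content_id)
    if h is None or f is None:
        return "error"
    if not (h.managed_transfer_right and f.managed_transfer_right):  # S323
        return "terminated"
    for lic in (h, f):                                        # S324, checked on both sides
        if lic.purchaser != home.device_id or lic.holder != fixed.device_id:
            return "terminated"
    del fixed.external_memory[content_id]                     # S325-S326
    home.external_memory[content_id] = replace(h, holder=home.device_id)  # S327-S328
    return "returned"


def scenario():
    """Constructed run: ID1 is the home server, ID2 and ID3 are other apparatuses."""
    home, fixed, other = Apparatus("ID1"), Apparatus("ID2"), Apparatus("ID3")
    home.registered |= {"ID2", "ID3"}
    fixed.registered.add("ID1")
    other.registered.add("ID1")
    home.external_memory["song-1"] = LicenseConditions("song-1", True, "ID1", "ID1")
    return [
        transfer(home, fixed, "song-1"),    # right moves to ID2
        home.can_reproduce("song-1"),
        fixed.can_reproduce("song-1"),
        transfer(home, other, "song-1"),    # refused: home is no longer the holder
        give_back(home, other, "song-1"),   # ID3 holds no record for this content
        give_back(home, fixed, "song-1"),   # right returns to ID1
        home.can_reproduce("song-1"),
        fixed.can_reproduce("song-1"),
    ]


if __name__ == "__main__":
    print(scenario())
```

The second `transfer` call is the case the S304 check exists for: once the holder field names another apparatus, the purchaser cannot hand the same right out again until it has been returned.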

Further, although contents and the content key K_(co) or the like are described as one, these may exist in plural if necessary.

In addition, although the content provider 2 and the service provider 3 are handled separately, they may be united as one. Moreover, the method of the content provider 2 may be applied to the service provider 3 as it is.

(2) Encryption Processing by Using an Individual Key

The content provider 2 encrypts contents by a content key that the content provider 2 itself prepared as described above with reference to FIG. 9. In addition, the content provider 2 receives an individual key peculiar to a content provider from the electronic distribution service center 1 and an individual key encrypted by a delivery key, and encrypts the content key by the individual key. Thus, the content provider 2 supplies the contents encrypted by the content key, the content key encrypted by the individual key, and the individual key encrypted by the delivery key to the user home network 5 via the service provider 3.

The user home network 5 decrypts the individual key peculiar to a content provider using the delivery key received from the electronic distribution service center 1. Thus, the user home network 5 can decrypt the content key that is encrypted by the individual key peculiar to a content provider and supplied from the content provider 2. The user home network 5 having obtained the content key can decrypt contents by the content key.

Here, while an individual key is peculiar to each content server, a delivery key is only one kind. Therefore, the user home network 5 can decrypt an individual key from each content provider if it has one kind of delivery key. Accordingly, the user home network 5 does not need to have an individual key peculiar to each content provider, and can purchase contents of all content providers simply by having a delivery key.

In addition, each content provider cannot decrypt individual keys (encrypted by a delivery key) peculiar to other content providers because it does not have a delivery key. Thus, stealing of contents among content providers can be prevented.

Here, in order to clarify the above-mentioned configurations of the embodiments and each means of the inventions described in the claims, characteristics of the present invention will be described as follows by adding the embodiment (only one example) corresponding to each means in parenthesis following each means. However, this description does not mean that each means is limited to the described examples of course.

That is, the information transmission system of the present invention is provided with a memory for saving an individual key (e.g., a tamper resistant memory 201 of FIG. 84) held by a content provider or a content seller transmitting information such as contents (e.g., a content transmission apparatus 200 of FIG. 84), means for encrypting a content key K_(co) by an individual key K_(i) (e.g., a data encryption section 203 of FIG. 84), means for generating a handling policy in which use conditions or the like of the content key K_(co) are described (e.g., a handling policy generation section 206 of FIG. 84), means for generating a digital signature with respect to various kinds of data (e.g., a signature generation section 207 of FIG. 84), means for verifying signature data generated with respect to various kinds of data (e.g., a signature verification section 222 of FIG. 84) held by a user purchasing contents (e.g., a content receiving apparatus 210 of FIG. 84), means for comparing an ID indicating a generator of the content key K_(co) and an ID of a generator of the handling policy (e.g., a comparator 226 of FIG. 84), and means for saving a delivery key (e.g., a tamper resistant memory 221 of FIG. 84).

In addition, the information transmission system of the present invention is provided with a memory for saving an individual key (e.g., a tamper resistant memory 201 of FIG. 85) held by a content provider or a content seller transmitting information such as contents (e.g., a content transmission apparatus 200 of FIG. 85), a memory for saving a key certificate (e.g., a memory 202 of FIG. 85), means for encrypting a content key K_(co) by an individual key K_(i) (e.g., a data encryption section 203 of FIG. 85), means for verifying signature data generated with respect to various kinds of data (e.g., a signature verification section 222 of FIG. 85) held by a user purchasing contents (e.g., a content receiving apparatus 210 of FIG. 85), and means for saving a delivery key (e.g., a tamper resistant memory 221 of FIG. 85).

(3) Remote Reproduction Processing

Remote reproduction processing for receiving a reproduction command from an apparatus holding contents (e.g., the home server 51) by an apparatus that does not hold a reproduction right of contents (e.g., the fixed apparatus 52) and reproducing the contents will be described.

FIG. 86 shows remote reproduction processing procedures, and first, in step S401, the home server 51 and the fixed apparatus 52 mutually authenticate after a content ID of contents that are to be remotely reproduced by an input operation of a user is inputted in the upper controller 62. Since the mutual authentication processing is similar to the processing described in FIG. 52, its description is omitted. In step S402, the upper controller 62 of the home server 51 causes the encryption processing section 65 of the home server 51 to inspect registration information read out from the mass storage section 68 of the home server 51. The encryption processing section 65 having received the registration information from the upper controller 62 causes the signature verification unit 115 of the encryption/decryption module 96 to verify a signature attached to the registration information by a public key of the authentication station 22 supplied from the storage module 92 of the encryption processing section 65. After successful verification of the signature, the encryption processing section 65 decides if the item of “registration” is marked “registration possible,” and if it is decided that the item is marked “registration possible,” the processing proceeds to step S403. Further, the fixed apparatus 52 side also inspects the registration information, and decides that the home server 51 is marked “registration possible.”

In step S403, the upper controller 62 generates a reproduction command including a content ID of contents to be remotely reproduced, and in subsequent step S404, the encryption processing section 65 of the home server 51 causes the external memory control section 97 of the encryption processing section 65 to read out a content key K_(co) encrypted by a save key K_(save) and license conditions information corresponding to the contents to be remotely reproduced from the external memory 67. Since a method for reading out data from the external memory 67 by the external memory control section 97 is as described in FIG. 68, its details are omitted. If the reading out succeeds, the processing proceeds to step S405.

In step S405, the decryption unit 111 of the encryption/decryption module 96 decrypts the content key K_(co) read out from the external memory 67 by the save key K_(save) supplied from the storage module 92. After encrypting the content key K_(co) by the temporary key K_(temp) in step S406, the encryption unit 112 of the encryption/decryption module 96 encrypts the reproduction command by the temporary key K_(temp) in step S407.

In the subsequent step S408, the home server 51 reads out the contents (encrypted by the content key K_(co)) to be remotely reproduced from the mass storage section 68, and transmits the contents to the fixed apparatus 52 together with the content key and the reproduction command encrypted by the temporary key K_(temp) in the above-mentioned steps S406 and S407.

In step S409, the fixed apparatus 52 decrypts the content key and the reproduction command received from the home server 51 by the temporary key K_(temp), and in step S410, the encryption processing section 73 and the extension section 74 mutually authenticate and share the temporary key K_(temp2). Then, in step S411, the encryption processing section 73 encrypts the content key K_(co) and the reproduction command by the temporary key K_(temp2) shared with the extension section 74 in the above-mentioned step S410. In step S412, the encryption processing section 73 transmits the content key K_(co) and the reproduction command encrypted by the temporary key K_(temp2) to the extension section 74, and in step S413, the extension section 74 decrypts the content key K_(co) and the reproduction command by the temporary key K_(temp2).

In step S414, the extension section 74 decrypts the contents received from the home server 51 in the above-mentioned step S408 by the content key K_(co) decrypted in the above-mentioned step S413 in accordance with the reproduction command decrypted in the above-mentioned step S413. Then, in step S415, the extension section 74 extends the decrypted contents by a predetermined method such as the ATRAC. In step S416, the upper controller 72 inserts data instructed by the encryption processing section 73 in the contents in the form of an electronic watermark. Incidentally, the data handed from the encryption processing section 73 to the extension section 74 is not limited to the content key K_(co) and the reproduction command, but includes reproduction conditions (an analog output, a digital output, an output with copy control signal (SCMS)), an ID of an apparatus that has purchased a content utilization right, or the like. The data to be inserted is the ID of the apparatus that has purchased the content utilization right, i.e., an ID of an apparatus in the license conditions information. In step S417, the extension section 74 reproduces music via a speaker (not shown).

In the above-described configuration, since the home server 51 transmits the contents and the reproduction command of the contents as well as the content key K_(co) to the fixed apparatus 52, the fixed apparatus 52 that does not hold the reproduction right of the contents can reproduce the contents using the reproduction command and the content key K_(co). Therefore, according to the above-described configuration, the contents can be reproduced in a plurality of apparatuses (a fixed apparatus, etc.) connected to an apparatus holding the contents (an apparatus having the reproduction right of the contents).

(4) Reservation Purchase Processing

Reservation purchase processing for performing a purchase reservation of contents by performing key conversion of the contents in advance before an effective period of a delivery key expires will be described. In step S451 of reservation purchase processing procedures indicated in FIG. 87, the home server 51 performs registration information update decision processing, and the processing proceeds to step S452. Since the registration information update decision processing is as described in FIGS. 61 and 62, its detailed description is omitted. However, in the reservation purchase processing, decision of a registration information update timing based on a number of purchases and a purchase price described in steps S601 and S602 of FIG. 61 may not be performed.

In step S452, the upper controller 62 of the home server 51 inputs the registration information read out from the mass storage section 68 of the home server 51 in the encryption processing section 65 of the home server 51. After verifying a signature of the registration information by the signature verification unit 115 of the encryption/decryption module 96, the encryption processing section 65 having received the registration information decides whether or not the items of “purchase processing” and “registration” with respect to the ID of the home server 51 are marked “purchase possible” and “registration possible,” and if they are marked “purchase possible” and “registration possible,” the processing proceeds to step S453. In step S453, the upper controller 62 of the home server 51 inputs the public key certificate of the content provider 2 read out from the mass storage section 68 of the home server 51 in the encryption processing section 65 of the home server 51. After verifying a signature of the public key certificate of the content provider 2 by the signature verification unit 115 of the encryption/decryption module 96, the encryption processing section 65 having received the public key certificate of the content provider 2 takes out a public key of the content provider 2 from the public key certificate. If it is confirmed that no tamper is made as a result of the verification of the signature, the upper controller 62 proceeds to step S454.

In step S454, the upper controller 62 of the home server 51 inputs the content key K_(co) read out from the mass storage section 68 of the home server 51 in the encryption processing section 65 of the home server 51. The encryption processing section 65 having received the content key K_(co) verifies a signature of the content key K_(co) by the signature verification unit 115 of the encryption/decryption module 96, and if it is confirmed that no tamper is made, the processing proceeds to step S455.

In step S455, the upper controller 62 of the home server 51 inputs the individual key K_(i) read out from the mass storage 68 of the home server 51 in the encryption processing section 65 of the home server 51. The encryption processing section 65 having received the individual key K_(i) verifies a signature of the individual key K_(i) by the signature verification unit 115 of the encryption/decryption module 96, and if it is confirmed that no tamper is made, the processing proceeds to step S456.

Here, if one signature is attached to the entirety of the content key K_(co) encrypted by the individual key K_(i) and the individual key K_(i) encrypted by the delivery key K_(d), steps S454 and S455 can be united and the signature verification processing can be simplified.

In step S456, the control section 91 of the encryption processing section 65 decrypts the individual key K_(i) inputted in step S455 by the decryption unit 111 of the encryption/decryption module 96 using the delivery key K_(d) supplied from the storage module 92. Then, the control section 91 of the encryption processing section 65 decrypts the content key K_(co) inputted in step S454 using the individual key K_(i) previously decrypted. Finally, the control section 91 of the encryption processing section 65 encrypts the content key K_(co) by the encryption unit 112 of the encryption/decryption module 96 using the save key K_(save) supplied from the storage module 92.

In step S457, the content key K_(co) encrypted by the save key K_(save) is saved in the external memory 67 via the external memory control section 97 of the encryption processing section 65.

In addition, if it is decided in step S452 that the home server 51 is an apparatus that cannot perform purchase processing, or it is decided in step S453 that the signature of the public key certificate of the content provider 2 is not correct, or if it is decided in step S454 that the signature of the content key K_(co) encrypted by the individual key K_(i) is not correct, or if it is decided in step S455 that the signature of the individual key K_(i) encrypted by the delivery key K_(d) is not correct, the processing proceeds to step S458, where the home server 51 performs error processing.

As described above, after decrypting the content key K_(co) by the individual key K_(i), the home server 51 re-encrypts the content key K_(co) by the save key K_(save), and causes the external memory 67 to store it. Since this reservation purchase processing does not actually purchase contents, among the purchase processing described above with reference to FIG. 67, processing for charge information in the registration information update determination processing of step S161, processing for purchased contents corresponding to step S164, processing for a handling policy corresponding to step S167, processing for public key verification of a service provider corresponding to step S168, processing for signature verification of price information corresponding to step S169, and save processing of charge information and license conditions information corresponding to steps S170 through S172 may not be performed.

Incidentally, in the case of the reservation purchase processing of FIG. 87, although the home server 51 did not prepare license conditions information, the home server 51 may prepare license conditions information and set its utilization right content number (i.e., a right item) in a state without a right such as an initial value (e.g., #0 that does not exist), or the like.

In this way, in the reservation purchase processing, by saving the content key K_(co) in the external memory 67 before an effective period of the delivery key K_(d) expires, the home server 51 can purchase contents encrypted by the saved content key K_(co) regardless of a period of the delivery key K_(d).

Here, the purchase processing of contents for which purchase reservation is made by saving the content key K_(co) in the external memory 67 in the home server 51 will be described. In step S471 of the purchase processing procedures shown in FIG. 88, the home server 51 performs the registration information update determination processing, and the processing proceeds to step S472. Since the registration information update determination processing is as described in FIGS. 61 and 62, its details are omitted. However, in the purchase processing, determination of a registration information update timing based on the delivery key K_(d) described in step S603 of FIG. 61 may not be performed.

In step S472, the upper controller 62 of the home server 51 inputs the registration information read out from the mass storage section 68 of the home server 51 in the encryption processing section 65 of the home server 51. After verifying a signature of the registration information by the signature verification unit 115 of the encryption/decryption module 96, the encryption processing section 65 having received the registration information decides if the items of “purchase processing” and “registration” are marked “purchase possible” and “registration possible,” and if they are marked “purchase possible” and “registration possible,” the processing proceeds to step S473. In step S473, the upper controller 62 of the home server 51 inputs the public key certificate of the content provider 2 read out from the mass storage section 68 of the home server 51 in the encryption processing section 65 of the home server 51. After verifying a signature of the public key certificate of the content provider 2 by the signature verification unit 115 of the encryption/decryption module 96, the encryption processing section 65 having received the public key certificate of the content provider 2 takes out a public key of the content provider 2 from the public key certificate. If it is confirmed that no tamper is made as a result of the verification of the signature, the processing proceeds to step S474.

In step S474, the upper controller 62 of the home server 51 inputs the contents read out from the mass storage section 68 of the home server 51 in the encryption processing section 65 of the home server 51. The encryption processing section 65 having received the contents verifies a signature of the contents by the signature verification unit 115 of the encryption/decryption module 96, and if it is confirmed that no tamper is made, the processing proceeds to step S475.

In step S475, the upper controller 62 of the home server 51 inputs the handling policy read out from the mass storage section 68 of the home server 51 in the encryption processing section 65 of the home server 51. The encryption processing section 65 having received the handling policy verifies a signature of the handling policy by the signature verification unit 115 of the encryption/decryption module 96, and if it is confirmed that no tamper is made, the processing proceeds to step S476. In step S476, the upper controller 62 of the home server 51 inputs the public key certificate of the service provider 3 read out from the mass storage section 68 of the home server 51 in the encryption processing section 65 of the home server 51. After verifying a signature of the public key certificate of the service provider 3 by the signature verification unit 115 of the encryption/decryption module 96, the encryption processing section 65 having received the public key certificate of the service provider 3 takes out a public key of the service provider 3 from the public key certificate. If it is confirmed that no tamper is made as a result of the verification of the signature, the processing proceeds to step S477.

In step S477, the upper controller 62 of the home server 51 inputs the price information read out from the mass storage section 68 of the home server 51 in the encryption processing section 65 of the home server 51. The encryption processing section 65 having received the price information verifies a signature of the price information by the signature verification unit 115 of the encryption/decryption module 96, and if it is confirmed that no tamper is made, the processing proceeds to step S478.

In step S478, the upper controller 62 of the home server 51 displays information of purchasable contents (e.g., a purchasable utilization form, a price or the like) using the display means 64, and a user selects a purchase item using the inputting means 63. Further, selection processing of a purchase item may be performed prior to the purchase processing. A signal inputted from the inputting means 63 is transmitted to the upper controller 62 of the home server 51, and the upper controller 62 generates a purchase command based on the signal and inputs the purchase command in the encryption processing section 65 of the home server 51. The encryption processing section 65 having received this generates charge information and license conditions information from the handling policy inputted in step S475 and the price information inputted in step S477. Since the charge information is as described in FIG. 42, its details are omitted. In addition, since the license conditions information is as described in FIG. 41, its details are omitted.

In step S479, the control section 91 of the encryption processing section 65 saves the charge information generated in step S478 in the storage module 92. Then, in step S480, the control section 91 of the encryption processing section 65 transmits the license conditions information generated in step S478 to the external memory control section 97 of the encryption processing section 65. After checking tamper of the external memory 67, the external memory control section 97 having received the license conditions information writes the license conditions information in the external memory 67. Since the tamper check in writing is as described in FIG. 69, its detailed description is omitted. (Further, if license conditions information without a right is already written, the license conditions information is rewritten and updated by the rewriting processing described in FIG. 70).

Incidentally, if it is decided in step S472 that the home server 51 is an apparatus that cannot perform purchase processing or is not registered, or if it is decided in step S473 that a signature of the public key certificate is not correct, or if it is decided in step S474 that a signature of the contents encrypted by the content key K_(co) is not correct, or if it is decided in step S475 that a signature of the handling policy is not correct, or if it is decided in step S476 that a signature of the price information is not correct, the processing proceeds to step S481, where the home server 51 performs error processing.

As described above, the home server 51 completes the purchase processing of contents by storing the charge information of the contents that a user selected to purchase in the storage module 92 and, at the same time, storing the license conditions information in the external memory 67. In the purchase processing, the signature verification of the content key K_(co) (step S454) and the signature verification of the individual key K_(i) (step S455) as well as the substitute processing of the content key K_(co) that have already been performed in the purchase processing described with reference to FIG. 87 are not performed.

With the above-described configuration, as the home server 51 saves the content key K_(co) in the external memory 67 by the reservation purchase processing before the delivery key K_(d) is updated, even if the delivery key K_(d) required when decrypting the content key K_(co) is updated, the contents can be purchased when an effective period of the delivery key K_(d) has expired because the content key K_(co) is already saved in the external memory 67.
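The key hierarchy of section (2) and the key conversion of steps S456 and S457 can be traced end to end in the following added example, which is not code from the document. The `wrap`/`unwrap` pair is a standard-library stand-in (HMAC-SHA256 keystream with an HMAC tag) for the cipher the document does not name, and the class, function and field names are assumptions; the signature checks of steps S452 to S455 and the license conditions are left out.

```python
"""Delivery key -> individual key -> content key, with reservation purchase.

Constructed illustration; wrap()/unwrap() stand in for the unspecified cipher.
"""
import hashlib
import hmac
import os


def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [_prf(key, nonce + i.to_bytes(4, "big")) for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def wrap(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under `key`; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + ct + _prf(mac_key, nonce + ct)


def unwrap(key: bytes, blob: bytes) -> bytes:
    """Check the tag, then decrypt; a wrong key or altered data raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    if not hmac.compare_digest(tag, _prf(mac_key, nonce + ct)):
        raise ValueError("key mismatch or tampered data")
    stream = _keystream(enc_key, nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


def provider_package(content_id, content, k_i, k_i_by_k_d):
    """Content provider side: contents by K_co, K_co by K_i, K_i by K_d passed through."""
    k_co = os.urandom(32)
    return {
        "content_id": content_id,
        "content_by_k_co": wrap(k_co, content),
        "k_co_by_k_i": wrap(k_i, k_co),
        "k_i_by_k_d": k_i_by_k_d,   # issued by the distribution service center
    }


class HomeServer:
    def __init__(self, delivery_key, save_key):
        self.k_d = delivery_key      # replaced when the delivery key is updated
        self.k_save = save_key       # never leaves the apparatus
        self.external_memory = {}    # content_id -> K_co encrypted by K_save

    def recover_content_key(self, package):
        k_i = unwrap(self.k_d, package["k_i_by_k_d"])    # S456: K_i by K_d
        return unwrap(k_i, package["k_co_by_k_i"])       # S456: K_co by K_i

    def reserve(self, package):
        k_co = self.recover_content_key(package)
        self.external_memory[package["content_id"]] = wrap(self.k_save, k_co)  # S456-S457

    def open_reserved_content(self, package):
        k_co = unwrap(self.k_save, self.external_memory[package["content_id"]])
        return unwrap(k_co, package["content_by_k_co"])


def demo():
    k_d_v1 = os.urandom(32)
    k_i_a, k_i_b = os.urandom(32), os.urandom(32)    # individual keys of providers A and B
    k_i_a_by_k_d = wrap(k_d_v1, k_i_a)
    package = provider_package("song-1", b"constructed sample audio", k_i_a, k_i_a_by_k_d)

    # Provider B holds only its own K_i and no K_d, so A's individual key stays closed.
    try:
        unwrap(k_i_b, k_i_a_by_k_d)
        other_provider_blocked = False
    except ValueError:
        other_provider_blocked = True

    server = HomeServer(k_d_v1, os.urandom(32))
    server.reserve(package)           # done while K_d version 1 is still valid
    server.k_d = os.urandom(32)       # delivery key updated afterwards
    try:
        server.recover_content_key(package)
        delivery_path_blocked = False
    except ValueError:
        delivery_path_blocked = True

    return {
        "other_provider_blocked": other_provider_blocked,
        "delivery_path_blocked_after_update": delivery_path_blocked,
        "reserved_content": server.open_reserved_content(package),
    }


if __name__ == "__main__":
    print(demo())
```

After the delivery key is replaced, the K_d path to the content key fails while the copy saved under K_save still opens the contents, which is the property the reservation purchase relies on.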

(5) Proxy Purchase Processing

Proxy purchase processing for giving and receiving contents between apparatuses having different registration information, i.e., apparatuses belonging to different groups will be described. In this proxy purchase processing, when contents are given and received between the home server 51 and a portable apparatus or the like that is an apparatus external to a group of the home server 51, the case in which the home server 51 side is charged and the case in which the apparatus external to a group is charged will be respectively described. In this case, the fixed apparatus 52 described with reference to FIG. 15 will be described as the apparatus external to a group.

FIG. 89 shows processing procedures in which the home server 51 passes contents to an apparatus external to a group and performs charge processing, and in step S501, the home server 51 and the apparatus external to a group mutually authenticate. In step S502, the home server 51 and the apparatus external to a group exchange registration information with each other, and inspect the other's registration information in the subsequent step S503.

That is, the home server 51 causes the encryption processing section 65 to inspect the registration information received from the apparatus external to a group. The encryption processing section 65 having received the registration information from the apparatus external to a group causes the signature verification unit 115 of the encryption/decryption module 96 to inspect a signature attached to the registration information by a public key supplied from the storage module 92 of the encryption processing section 65. After successful verification of the signature, the control section 91 of the encryption processing section 65 decides whether or not an ID of the apparatus external to a group is registered in the registration information and the items of “purchase processing” and “registration” are marked “purchase possible” and “registration possible.” In addition, the apparatus external to a group having received the registration information of the home server 51 also decides in the similar manner whether or not an ID of the home server 51 is registered in the registration information of the home server 51, and the item of “registration” is marked “registration possible.” Then, when each confirms that the other apparatus is registered, the processing proceeds to step S504.

Since steps S504 to S510 are processing similar to that of steps S161 to S171 of FIG. 67, their details are omitted.

In step S511, the control section 91 of the encryption processing section 65 decrypts the individual key K_(i) encrypted by the delivery key K_(d) inputted in step S508 by the decryption unit 111 of the encryption/decryption module 96 using the delivery key K_(d) supplied from the storage module 92. Then, the control section 91 of the encryption processing section 65 decrypts the content key K_(co) encrypted by the individual key K_(i) inputted in step S508 by the decryption unit 111 of the encryption/decryption module 96 using the previously decrypted individual key K_(i). Then, the control section 91 of the encryption processing section 65 re-encrypts the content key K_(co) by the encryption unit 112 of the encryption/decryption module 96 using the temporary key K_(temp) that was shared with the apparatus external to a group at the time of mutual authentication of step S501. In step S512, the control section 91 of the encryption processing section 65 generates signatures for the content key K_(co) encrypted by the temporary key K_(temp) and the license conditions information generated in step S509 using the signature generation unit 114 of the encryption/decryption module 96, and transmits them to the upper controller 62. The upper controller 62 of the home server 51 having received the content key K_(co) encrypted by the temporary key K_(temp), the license conditions information and their signatures reads out the contents encrypted by the content key K_(co) from the mass storage section 68, and transmits the content key K_(co) encrypted by the temporary key K_(temp), the license conditions information, their signatures and the contents encrypted by the content key K_(co) to the apparatus external to a group.

In step S513, the apparatus external to a group, having received the content key K_(co) encrypted by the temporary key K_(temp), the license conditions information, their signatures and the contents encrypted by the content key K_(co), outputs the contents encrypted by the content key K_(co) to the record reproduction section 76 of the apparatus external to a group. The record reproduction section 76 of the apparatus external to a group, having received the contents encrypted by the content key K_(co), saves the contents encrypted by the content key K_(co) in the recording medium 80.

In step S514, the encryption processing section 73 of the apparatus external to a group verifies the signature received from the home server 51 in the above-mentioned step S512, and at the same time, decrypts the content key K_(co) encrypted by the temporary key K_(temp) by the decryption unit of the encryption/decryption module using the temporary key K_(temp) that was shared with the home server 51 at the time of authentication of step S501. Then, the control section of the encryption processing section 73 re-encrypts the content key K_(co) by the encryption unit of the encryption/decryption module using the save key K_(save2) supplied from the storage module of the encryption processing section 73.

In step S515, the encryption processing section 73 of the apparatus external to a group transmits the content key K_(co) encrypted by the save key K_(save2) and the license conditions information received in step S513 to the external memory control section of the encryption processing section 73, and causes the external memory 79 to save them. Since the processing in which the external memory control section writes data in the external memory was described in FIG. 69, its details are omitted.

In this way, the home server 51 purchases a content utilization right, charge information is saved on the home server 51 side, and a utilization right is transferred to the apparatus external to a group. Thus, the home server 51 makes payment for the content utilization right transferred to the apparatus external to a group.

FIG. 90 shows processing procedures in which the home server 51 passes contents to the apparatus external to a group and the apparatus external to a group performs charge processing. In step S551, the apparatus external to a group decides whether or not a total of charges of the charge information stored in the encryption processing section 73 (FIG. 15) has reached an upper limit, and if it has not reached the upper limit, the processing proceeds to step S552. (Further, the decision may be made by an upper limit on the number of charge processing operations rather than the upper limit of the total charges.)

In step S552, the upper controller 72 of the apparatus external to a group inputs the registration information read out from the external memory 79 into the encryption processing section 73. After verifying a signature of the registration information by the signature verification unit of the encryption/decryption module provided inside it, the encryption processing section 73 having received the registration information decides whether or not the item of “purchase processing” for an ID of the apparatus external to a group (the fixed apparatus 52) is marked “purchase possible,” and if it is marked “purchase possible,” the processing proceeds to step S553.

In step S553, the home server 51 and the apparatus external to a group mutually authenticate. Since the mutual authentication processing is similar to the processing described in FIG. 52, its description is omitted. In step S554, the home server 51 and the apparatus external to a group exchange information with each other, and each inspects the other's registration information in the subsequent step S555.

That is, the home server 51 causes the encryption processing section 65 to inspect the registration information received from the apparatus external to a group. The encryption processing section 65, having received the registration information from the apparatus external to a group, causes the signature verification unit 115 of the encryption/decryption module 96 to verify a signature attached to the registration information using the public key supplied from the storage module 92 of the encryption processing section 65. After successful verification of the signature, the control section 91 of the encryption processing section 65 decides whether or not the ID of the apparatus external to a group is registered in the registration information and the item of “registration” is marked “registration possible.” In addition, the apparatus external to a group, having received the registration information of the home server 51, also decides in a similar manner whether or not the ID of the home server 51 is registered in the registration information of the home server 51 and the item of “registration” is marked “registration possible.” Further, similar processing is performed by the apparatus external to a group as well. Then, when each apparatus has confirmed that the other apparatus is registered, the processing proceeds to step S556.

In step S556, the control section 91 of the home server 51 reads out the already purchased content key from the external memory 67 via the external memory control section 97, decrypts the content key K_(co) by the save key K_(save) in the subsequent step S557, and at the same time, re-encrypts it by the temporary key K_(temp) and generates signatures for them.

In step S558, the home server 51 transmits the content key encrypted by the temporary key K_(temp) generated in step S557, and the contents, the handling policy and the price information read out from the mass storage section 68 to the apparatus external to a group. In step S559, the apparatus external to a group saves the contents received from the home server 51 in the recording medium 80.

After the apparatus external to a group (the fixed apparatus 52) verifies the signatures of the handling policy, the price information and the like in step S560, in step S561, the upper controller 72 of the apparatus external to a group displays information of purchasable contents (e.g., a purchasable utilization form, a price or the like) using the displaying means 78, and a user selects a purchase item using the inputting means 77. Further, selection processing of a purchase item may be performed prior to the proxy purchase processing. The signal inputted from the inputting means 77 is transmitted to the upper controller 72, and the upper controller 72 generates a purchase command based on the signal and inputs the purchase command in the encryption processing section 73. The encryption processing section 73 having received this generates charge information and license conditions information from the handling policy and the price information inputted in step S560. Since the charge information was described in FIG. 42, its details are omitted. Since the license conditions information was described in FIG. 41, its details are omitted.

In step S562, the encryption processing section 73 saves the charge information generated in step S561 in the storage module in the encryption processing section 73. In step S563, with respect to the content key encrypted in step S557, the encryption processing section 73 verifies a signature, and at the same time, decrypts the signature by the temporary key K_(temp), and re-encrypts it by the save key K_(save2). Then, in step S564, the content key K_(co) encrypted by the save key K_(save2) is saved in the external memory 79 from the encryption processing section 73.

In this way, since the home server 51 transfers the already purchased content utilization right to the apparatus external to a group and the apparatus external to a group saves the charge information, the apparatus external to a group makes payment for the content utilization right transferred from the home server 51.

In the above-described configuration, by exchanging the registration information with each other between apparatuses having different registration information as described in the above-mentioned steps S502 and S554, contents held by one apparatus can be transferred to the other apparatus after confirming that the other apparatus is a registered apparatus. Therefore, according to the above-described configuration, contents can be given and received between apparatuses belonging to different groups.

Further, although a signature of contents was verified in performing purchase processing in the above-mentioned embodiment, the processing is sometimes omitted because it takes time. In addition, whether or not verification is necessary is sometimes described in a handling policy or price information, and operations are performed in accordance with it.

(6) Data Format of Various Kinds of Data

The electronic distribution service center 1 adds an ID of the content provider 2 to an individual key K_(i) for each content provider 2, encrypts the entirety of the individual key K_(i) and the ID of the content provider 2 using the delivery key K_(d), and delivers the obtained data to the corresponding content provider 2 as the encrypted individual key K_(i).

The content provider 2 stores the encrypted individual key K_(i) given by the electronic distribution service center 1 in this way in key data for single contents as it is, and delivers it to an apparatus in the user home network 5 via the service provider 3. Then, in the electronic music distribution system 10, the delivery key K_(d) for decrypting the encrypted individual key K_(i) included in the key data is held only by the apparatus in the user home network 5, thereby substantially certainly preventing the ID of the content provider 2 that is encrypted together with the individual key K_(i) from being tampered with between the content provider 2 and the apparatus in the user home network 5 that purchases the contents.

Therefore, the apparatus in the user home network 5 can easily and certainly check whether or not single contents and album contents as well as a handling policy are legal data by comparing an ID of the content provider 2 included in the single contents and album contents as well as a handling policy with an ID of the content provider 2 that is included in the key data and encrypted together with the individual key K_(i), even if signatures of single contents and album contents are tampered with during delivery and illegal contents are supplied, or a signature of a handling policy or the like is tampered with during delivery.

Thus, in the electronic music distribution system 10, for example, purchase processing of illegal contents or generation of charge information for distributing profit illegally to a third party based on an illegal handling policy can be substantially certainly prevented, thereby preventing content data from being illegally utilized.

Incidentally, in such an electronic music distribution system 10, an ID of the service provider 3 may be encrypted and delivered in the same manner as an ID of the content provider 2, in which case, for example, even if an ID of the service provider 3 included in charge information is tampered with (i.e., a signature of price information is tampered with) to illegally obtain profit, this can be easily and certainly prevented.
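The ID comparison described in this section, as an added example that is not part of the original document: the center binds the content provider ID to K_(i) under K_(d), and the purchasing apparatus rejects a container whose plaintext IDs disagree with the bound ID. The cipher is a stand-in (SHA-256 keystream plus HMAC tag) chosen so the sketch runs with the standard library only; the field names, ID width and key sizes are assumptions.

```python
import hashlib
import hmac
import os

ID_LEN = 8    # constructed: fixed-width content provider ID
KEY_LEN = 16  # constructed: key size used by this sketch

def _subkey(key, label):
    # Separate encryption and MAC keys derived from one wrapping key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    """Stand-in authenticated cipher (not the document's algorithm)."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or modified ciphertext")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def center_issue_individual_key(k_d, k_i, provider_id):
    # Service center: encrypt K_i together with the provider ID under K_d.
    if len(k_i) != KEY_LEN or len(provider_id) != ID_LEN:
        raise ValueError("unexpected key or ID length")
    return seal(k_d, k_i + provider_id)

def provider_build_container(k_i, k_i_under_k_d, k_co, provider_id, content):
    # Content provider: the ID appears in the clear in the contents and the
    # handling policy; the bound copy travels inside the key data untouched.
    return {
        "content": {"provider_id": provider_id, "data": seal(k_co, content)},
        "handling_policy": {"provider_id": provider_id, "max_repurchases": 3},
        "key_data": {"k_i_under_k_d": k_i_under_k_d,
                     "k_co_under_k_i": seal(k_i, k_co)},
    }

def device_purchase(k_d, k_save, container):
    # Apparatus: recover K_i and the bound ID, compare, then re-wrap K_co.
    bound = unseal(k_d, container["key_data"]["k_i_under_k_d"])
    k_i, bound_id = bound[:KEY_LEN], bound[KEY_LEN:]
    for part in ("content", "handling_policy"):
        if not hmac.compare_digest(container[part]["provider_id"], bound_id):
            raise PermissionError(part + ": provider ID does not match key data")
    k_co = unseal(k_i, container["key_data"]["k_co_under_k_i"])
    return seal(k_save, k_co)  # stored form: K_co under the save key

def run_demo():
    k_d, k_i, k_co, k_save = (os.urandom(KEY_LEN) for _ in range(4))
    good_id, rogue_id = b"CP-00002", b"CP-ROGUE"  # constructed IDs
    wrapped = center_issue_individual_key(k_d, k_i, good_id)
    box = provider_build_container(k_i, wrapped, k_co, good_id,
                                   b"constructed audio bytes")
    stored = device_purchase(k_d, k_save, box)
    played = unseal(unseal(k_save, stored), box["content"]["data"])
    # A handling policy rewritten in transit to credit another party.
    forged = dict(box, handling_policy={"provider_id": rogue_id,
                                        "max_repurchases": 3})
    try:
        device_purchase(k_d, k_save, forged)
        rejected = False
    except PermissionError:
        rejected = True
    return played, rejected

if __name__ == "__main__":
    print(run_demo())
```

The stand-in cipher authenticates the wrapped blob, so a modified K_(i)/ID blob fails to open at all; with an unauthenticated cipher the comparison alone would not reliably catch a modified ciphertext.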

In addition, FIG. 91 shows generation management by transfer processing of a managed transfer right. As described above with reference to FIGS. 33 and 34, how many generations of reproduction rights can be transferred at the most is stored in a handling policy as generation management information. Therefore, when the handling policy is given to a predetermined first apparatus in the user home network 5 from the content provider 2 via the service provider 3 and purchase processing is executed in the encryption processing section in the first apparatus, the encryption processing section detects generation management information included in the handling policy, and detects a maximum number of times the contents indicated by the generation management information can be repurchased.

Then, when purchase processing of contents to which the handling policy is attached is possible according to the detected maximum number of times contents can be repurchased, the encryption processing section prepares license conditions information based on the handling policy, stores the ID of the encryption processing section in the license conditions information, and at the same time, stores a number of times found by deducting one from the maximum number of times contents can be repurchased (i.e., a remaining number of times contents can be repurchased) as generation management information.

In addition, when the purchased contents are supplied from a content provider 2 in which the encryption processing section is not provided, although the encryption processing section prepares charge information based on a handling policy, the encryption processing section stores a predetermined value set in advance that does not indicate any encryption processing section as an ID of a supplier in the charge information.

Then, when the contents to which purchase processing was applied can be redistributed according to the generation management information included in the license conditions information, a first apparatus redelivers the contents from the first apparatus to a second apparatus in the user home network 5 together with the license conditions information, if necessary. In the second apparatus, when executing purchase processing for the redelivered contents, the encryption processing section inside the second apparatus prepares the license conditions information attached to the contents again, stores the ID of the encryption processing section in the license conditions information prepared again, and at the same time, stores a number of times found by deducting one from the remaining number of times contents can be repurchased stored in the first apparatus (i.e., a new remaining number of times contents can be repurchased) as generation management information. In addition, the encryption processing section stores the ID of the encryption processing section in the first apparatus as an ID of a supplier in the charge information prepared along with the purchase processing.

Then, thereafter, if the contents to which the purchase processing is applied have been repurchased, according to the generation management information included in the license conditions information, for the maximum number of times the purchase processing is possible set in advance, the second apparatus determines that redelivery is impossible and does not redeliver the contents.

Thus, in the electronic music distribution system 10, by providing for the maximum number of times contents can be repurchased in the handling policy in advance by the generation management information as described above, and managing a remaining number of times the contents can be repurchased in the license conditions information for each purchase processing of the contents, illegal repurchase can be prevented.

In addition, in the electronic music distribution system 10, by accumulating and storing an ID of a supplier of the contents in charge information upon repurchasing the contents, a supply route of the contents can be specified from the ID of the supplier in the charge information, if necessary, and, when illegal contents flow into the system, a supplier of the illegal contents can be retrieved and eliminated.
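The generation management and supplier tracing described above, as an added example that is not part of the original document. The class names, field names and the placeholder supplier value are assumptions; only the counting rule (store the maximum minus one on first purchase, the supplier's remaining count minus one on each repurchase, refuse redelivery at zero) and the supplier ID in charge information come from the text.

```python
from dataclasses import dataclass

# Constructed stand-in for the "predetermined value" stored as supplier ID
# when the contents came from a content provider, not from an apparatus.
NO_DEVICE_SUPPLIER = "NONE"

@dataclass
class HandlingPolicy:
    content_id: str
    max_repurchases: int  # generation management information

@dataclass
class LicenseConditions:
    content_id: str
    holder_id: str        # ID of the encryption processing section
    remaining: int        # remaining number of times contents can be repurchased

@dataclass
class ChargeInfo:
    content_id: str
    purchaser_id: str
    supplier_id: str

class Apparatus:
    def __init__(self, device_id):
        self.id = device_id
        self.licenses = {}
        self.charges = []

    def purchase_from_provider(self, policy):
        if policy.max_repurchases < 1:
            raise PermissionError("handling policy allows no purchase")
        self.licenses[policy.content_id] = LicenseConditions(
            policy.content_id, self.id, policy.max_repurchases - 1)
        self.charges.append(
            ChargeInfo(policy.content_id, self.id, NO_DEVICE_SUPPLIER))

    def redeliver(self, content_id):
        lic = self.licenses[content_id]
        if lic.remaining <= 0:
            raise PermissionError(self.id + ": redelivery impossible")
        return lic  # license conditions handed over with the contents

    def repurchase_from(self, supplier, content_id):
        offered = supplier.redeliver(content_id)
        # Prepare the license conditions again with this apparatus's ID and
        # the supplier's remaining count minus one.
        self.licenses[content_id] = LicenseConditions(
            content_id, self.id, offered.remaining - 1)
        self.charges.append(ChargeInfo(content_id, self.id, supplier.id))

def trace_supply_route(charges, content_id, device_id):
    """Walk supplier IDs in collected charge information back to the origin."""
    supplier_of = {c.purchaser_id: c.supplier_id
                   for c in charges if c.content_id == content_id}
    route, current = [device_id], device_id
    while supplier_of.get(current, NO_DEVICE_SUPPLIER) != NO_DEVICE_SUPPLIER:
        current = supplier_of[current]
        if current in route:
            raise ValueError("inconsistent charge information (loop)")
        route.append(current)
    return route

def run_demo():
    policy = HandlingPolicy("song-1", max_repurchases=3)  # constructed values
    a, b, c, d = (Apparatus(n) for n in ("dev-A", "dev-B", "dev-C", "dev-D"))
    a.purchase_from_provider(policy)   # remaining 2
    b.repurchase_from(a, "song-1")     # remaining 1
    c.repurchase_from(b, "song-1")     # remaining 0
    try:
        d.repurchase_from(c, "song-1")
        blocked = False
    except PermissionError:
        blocked = True
    collected = a.charges + b.charges + c.charges + d.charges
    remaining = [x.licenses["song-1"].remaining for x in (a, b, c)]
    return remaining, blocked, trace_supply_route(collected, "song-1", "dev-C")

if __name__ == "__main__":
    print(run_demo())
```

As modelled from the text, the count limits how many generations deep the contents can travel; the supplier's own remaining count is not reduced when it redelivers.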

Incidentally, in the electronic music distribution system 10, since an apparatus in the user home network 5 provides the contents on behalf of the content provider 2 or the service provider 3 upon repurchasing the contents, for example, in the electronic distribution service center 1, profits can be returned to the apparatus by adding a discount point that can be used upon purchasing contents to a user having the apparatus of a supplier of repurchase of the contents based on an ID of the supplier included in the charge information.

In the above-described configuration, in the electronic music distribution system 10, in the case in which contents are provided to an apparatus in the user home network 5 from the content provider 2 via the service provider 3, the content provider 2 generates single contents and album contents in which the contents encrypted by the content key K_(co) and the ID of the content provider 2 are stored, and at the same time, generates handling policies of the single contents and the album contents in which the ID of the content provider 2 is stored, and also generates key data for the single contents and the album contents in which the content key K_(co) encrypted by the individual key K_(i), the individual key K_(i) encrypted by the delivery key K_(d) or the like are stored.

Then, the content provider 2 transmits the single contents and the album contents, the handling policies of the single contents and the album contents, and the key data for the single contents and the album contents as a content provider secure container.

Here, the content provider 2 uses the individual key K_(i) supplied from the electronic distribution service center 1 as an individual key K_(i) encrypted by the delivery key K_(d), whereas the electronic distribution service center 1 adds an ID of the content provider 2 to the individual key K_(i) and encrypts the entirety of these using the delivery key K_(d). Then, the delivery key K_(d) used for this encryption is held, other than by the electronic distribution service center 1, only by an apparatus in the user home network 5.

Therefore, in the electronic music distribution system 10, the individual key K_(i) encrypted by the delivery key K_(d) can be provided from the content provider 2 to an apparatus in the user home network 5 via the service provider 3 while preventing tampering. Thus, in the apparatus, by comparing the ID of the content provider 2 obtained by decrypting the individual key K_(i) encrypted by the delivery key K_(d) with the IDs of the content provider 2 included in the single contents and the album contents as well as the handling policies of the single contents and the album contents respectively, whether or not signatures of the handling policies of the single contents and the album contents as well as the handling policies of the single contents and the album contents have been tampered with can be easily and certainly detected.

As a result, in the electronic music distribution system 10, provision of illegal contents to a user or generation of charge information for a third party to illegally obtain profit using a handling policy can be prevented; thus, illegal utilization of contents by a third party can be prevented.

In addition, in the electronic music distribution system 10, a maximum number of times contents can be repurchased is stored in a handling policy provided from the content provider 2, and at the same time, a remaining number of times contents can be repurchased is stored in the license conditions information in the apparatus each time the contents are repurchased between apparatuses in the user home network 5.

Therefore, in the electronic music distribution system 10, an apparatus in the user home network 5 can manage a remaining number of times contents can be repurchased by the license conditions information; thus, illegal repurchase exceeding the maximum number of times contents can be repurchased can be prevented.

According to the above-described configuration, by directly attaching an ID of the content provider 2 to contents encrypted by the content provider 2 (i.e., storing an ID of the content provider 2 in data of single contents and album contents) or indirectly attaching it (i.e., attaching a handling policy in which an ID of the content provider 2 is stored), providing an ID of the content provider 2 encrypted together with the individual key K_(i) using the delivery key K_(d) together with the contents to which the ID of the content provider 2 is attached to an apparatus in the user home network 5, decrypting the encrypted ID of the content provider 2 in the apparatus, and comparing the obtained ID of the content provider 2 with the ID of the content provider 2 attached to the contents, whether or not the contents can be legally utilized can be easily and certainly determined; thus, an electronic music distribution system that can prevent contents from being illegally utilized can be realized.

In addition, by storing a maximum number of times contents can be repurchased in a handling policy provided from the content provider 2, and at the same time, storing a remaining number of times the contents can be repurchased in the license conditions information in the apparatus to manage the number of times the contents can be repurchased, illegal repurchase exceeding the maximum number of times the contents can be repurchased can be prevented.

(7) Configuration of a Record Reproduction Apparatus

In the electronic music distribution system 10, a record reproduction apparatus 250 shown in FIG. 92 is provided as an apparatus in the user home network 5. In the record reproduction apparatus 250, an electronic distribution only recording medium 251 that is a data storage apparatus is detachably provided.

The record reproduction apparatus 250 can record contents electronically distributed from the service provider 3 via the network 4 in the electronic distribution only recording medium 251 and reproduce the contents from the electronic distribution only recording medium 251.

Actually, the record reproduction apparatus 250 is composed of a communication section 260 that is receiving means, an upper controller 261 that is record reproduction controlling means, an encryption processing section 262, an extension section 263 that is content decrypting means, inputting means 264, displaying means 265, and a mass storage section 266. The communication section 260 communicates with the electronic distribution service center 1, and at the same time, communicates with the service provider 3 via the network 4.

The upper controller 261 temporarily holds a content provider secure container and a service provider secure container received by the communication section 260 in the mass storage section 266 by controlling the record reproduction apparatus 250 and the electronic distribution only recording medium 251 based on an operation instruction inputted via the inputting means 264 at the time of purchase processing.

Then, the upper controller 261 causes the electronic distribution only recording medium 251 to execute purchase processing, and thereby reads out contents encrypted by a corresponding content key K_(co), a content key K_(co) encrypted by an individual key K_(i), and an individual key K_(i) encrypted by a delivery key K_(d) from the mass storage section 266, decrypts the individual key K_(i) encrypted by the delivery key K_(d) by a delivery key K_(d) read out from the storage module 311 of the encryption processing section 301 in the electronic distribution only recording medium 251, decrypts the content key K_(co) encrypted by the individual key K_(i) by the decrypted individual key K_(i), encrypts the obtained content key K_(co) by a save key K_(save) read out from the storage module 311 of the encryption processing section 301, and records the contents encrypted by the read out content key K_(co) and the content key K_(co) encrypted by the save key K_(save) in the electronic distribution only recording medium 251.

In addition, the upper controller 261 reads out a content key K_(co) encrypted by a temporary key K_(temp1) (shared by the encryption processing section 262 and the encryption processing section 301 by mutual authentication) from the electronic distribution only recording medium 251, and supplies a content key K_(co) encrypted by a temporary key K_(temp2) (shared by the encryption processing section 262 and the extension section 263 by mutual authentication) and contents encrypted by the content key K_(co) to the extension section 263 to decrypt the contents encrypted by the content key K_(co) using the content key K_(co) by controlling the record reproduction apparatus 250 and the electronic distribution only recording medium 251 based on an operation instruction inputted via the inputting means 264 at the time of reproduction processing.

Incidentally, since the inputting means 264 and the displaying means 265 have functions similar to those of the inputting means 63 and the displaying means 64 respectively, their descriptions are omitted.

The encryption processing section 262 is composed of a control section 270, a storage module 271, a registration information inspection module 272, a purchase processing module 273, a mutual authentication module 274, and an encryption/decryption module 275. Incidentally, the encryption processing section 262 is composed of an encryption processing only IC of a single chip in the same manner as the encryption processing section 65, and has a characteristic that illegally reading out data from outside is difficult (tamper resistant feature).

In the encryption processing section 262, since the control section 270, the storage module 271, the registration information inspection module 272, the purchase processing module 273, and the encryption/decryption module 275 have functions similar to those of the control section 91, the storage module 92, the registration information inspection module 93, the purchase processing module 94, and the encryption/decryption module 96 of the home server 51, their descriptions are omitted.

In addition, the mutual authentication module 274 executes mutual authentication with the extension section 263 and the electronic distribution only recording medium 251, and generates a temporary key K_(temp) (session key) to be shared with the extension section 263 and the electronic distribution only recording medium 251, if necessary.

The encryption/decryption module 275 is composed of a decryption unit 280, an encryption unit 281, a random number generation unit 282, a signature generation unit 283, and a signature verification unit 284. Since the decryption unit 280, the encryption unit 281, the random number generation unit 282, the signature generation unit 283, and the signature verification unit 284 have functions similar to those of the decryption unit 111, the encryption unit 112, the random number generation unit 113, the signature generation unit 114, and the signature verification unit 115 of the home server 51 respectively, their descriptions are omitted.

The extension section 263 is composed of a mutual authentication module 290, a key encryption module 291, a decryption module 292, an extension module 293, an electronic watermark addition module 294, and a storage module 295. Since the mutual authentication module 290, the key decryption module 291, the decryption module 292, the extension module 293, the electronic watermark addition module 294, and the storage module 295 have functions similar to those of the mutual authentication module 101, the key decryption module 102, the decryption module 103, the extension module 104, the electronic watermark addition module 105, and the storage module 106 of the home server 51 respectively, their descriptions are omitted.

In addition, the electronic distribution only recording medium 251 is made to execute purchase processing to prepare charge information, and hold the prepared charge information, and is composed of a communication section 300 that is communicating means, an encryption processing section 301 that is content key encryption means and content key decryption means, an external memory control section 302 that is record reproducing means, and an external memory 303 that is a recording medium.

The communication section 300 transmits and receives data to and from the upper controller 261 of the record reproduction apparatus 250. The encryption processing section 301 is made up of a circuit configuration similar to the encryption processing section 65 of the home server 51, and has a characteristic that illegal read out of data from outside is difficult (tamper resistant feature). In addition, the encryption processing section 301 is composed of a control section 310, a storage module 311 that is save key holding means, a registration information inspection module 312, a purchase processing module 313, a mutual authentication module 314, and an encryption/decryption module 315.

Since the control section 310, the storage module 311, the registration information inspection module 312, the purchase processing module 313, the mutual authentication module 314, and the encryption/decryption module 315 have functions similar to those of the control section 91, the storage module 92, the registration information inspection module 93, the purchase processing module 94, the mutual authentication module 95, and the encryption/decryption module 96 of the home server 51 respectively, their descriptions are omitted. Incidentally, the encryption/decryption module 315 is composed of a decryption unit 320, an encryption unit 321, a random number generation unit 322, a signature generation unit 323, and a signature verification unit 324.

The external memory control section 302 performs a tamper check, if necessary, in addition to reading and writing data from and to the external memory 303. Various kinds of recording media such as a writable optical disk, a hard disk, or a semiconductor memory can be applied as the external memory 303. Therefore, a structure that can read out data from these recording media is necessary as the external memory control section 302, which performs reading and writing by adding a recording medium control section (not shown), if necessary. Further, since details of the tamper check processing were described in FIGS. 68 to 71, their descriptions are omitted.

Here, in such an electronic distribution only recording medium 251, a save key K_(save) peculiar to the electronic distribution only recording medium 251 is held by the storage module 311 of the encryption processing section 301. In the electronic distribution only recording medium 251, when the content key K_(co) is recorded in the external memory 303, the content key K_(co) is encrypted by the save key K_(save), and when the encrypted content key K_(co) is reproduced from the external memory 303, the content key K_(co) is decrypted by the storage key K_(save) and transmitted to the record reproduction apparatus 250.

Therefore, contents recorded in a recording medium by a conventional record reproduction apparatus cannot be reproduced by an apparatus (i.e., an apparatus holding a save key K_(save) different from a save key K_(save) that has encrypted the contents) other than an apparatus that has recorded the contents in the recording medium (i.e., an apparatus holding a save key K_(save) peculiar to an encryption processing section that has encrypted a content key K_(co) to be recorded in the recording medium), whereas the contents recorded in the electronic distribution only recording medium 251 can be reproduced by any apparatus as long as it has a configuration similar to that of the above-mentioned record reproduction apparatus 250 even if it does not hold a save key K_(save).

Incidentally, in such a record reproduction apparatus 250, since contents are recorded in the electronic distribution only recording medium 251 together with the content key K_(co) by executing purchase processing, the record reproduction apparatus 250 can be configured without using the encryption processing section 262 and the extension section 263 for the purpose of only recording the contents.

In addition, in such a record reproduction apparatus 250, since the electronic distribution only recording medium 251 is detachably provided, and contents can be reproduced from the electronic distribution only recording medium 251 that has recorded the contents and the content key K_(co) in another apparatus, the record reproduction apparatus 250 can be used without connecting to the electronic distribution service center 1 and the network 4 by having a reproduction function only.

However, in the user home network 5, when contents and a content key K_(co) are recorded in the electronic distribution only recording medium 251 in the record reproduction apparatus 250 connected to the network 4 as described above, and the electronic distribution only recording medium 251 is used for reproducing the contents in a record reproduction apparatus not connected to the electronic distribution service center 1 or the network 4, it is possible that collection of charge information held by the electronic distribution only recording medium 251 is difficult for the electronic distribution service center 1.

Thus, in the electronic distribution only recording medium 251, for example, charge information in the storage module 311 is periodically retrieved from the control section 310 in the encryption processing section 301, and if there is charge information not yet collected by the electronic distribution service center 1, a reproduction limitation is applied to the corresponding contents so that they can be reproduced only once from purchase processing until the charge information is collected, and at the same time, managed transfer of the contents is not performed either.

In this way, in the electronic music distribution system 10, a user owning the electronic distribution only recording medium 251 is prevented from reproducing contents illegally. Incidentally, as a reproduction limitation due to uncollected charge information, for example, by setting in advance a number of times contents can be reproduced from purchase processing until charge information is collected, and counting the number of times of reproducing contents from the point of the purchase processing, the reproduction limitation can be made to function effectively when the system detects that the charge information is uncollected. That is, when it is detected that the charge information is uncollected, the number of times corresponding contents have already been reproduced at this point and the number of times of the reproduction limitation set in advance are compared, and when the number of times the contents have already been reproduced has reached the set number of times of reproduction limitation, the contents cannot be reproduced.

In addition, as such a reproduction limitation, a period (time) may be used. That is, by setting time during which contents can be reproduced, if charge information is uncollected after the set time has passed since purchase processing, the contents cannot be reproduced. Further, in the electronic distribution only recording medium 251, limitation contents of the reproduction limitation may be held by associating it with charge information in the storage module 311 of the encryption processing section 301, or may be held by associating it with the license conditions information in the external memory 303. In addition, by storing reproduction limitation (the number of times or a period) in a handling policy and/or price information, at the time of purchase processing, the electronic distribution only recording medium 251 may take out information of the reproduction limitation from the handling policy and/or the price information, prepare license conditions information including this, and hold the prepared license conditions information in the external memory 303.

Here, purchase processing executed in the record reproduction apparatus 250 will be described using a flow chart shown in FIG. 93. In step S700, in the state in which a content provider secure container and a service provider secure container distributed from the service provider 3 via the network 4 are once held in the mass storage section 266, the upper controller 261 in the record reproduction apparatus 250 decides an effective period (version) of a delivery key K_(d) stored in the storage module 311 in the encryption processing section 301 via the control section 310 of the encryption processing section 301 in the electronic distribution only recording medium 251, and if the delivery key K_(d) is effective, the processing proceeds to step S701.

In step S701, the upper controller 261 determines whether or not a total of charges of charge information stored in the storage module 311 in the encryption processing section 301 via the control section 310 of the encryption processing section 301 in the electronic distribution only recording medium 251 has reached an upper limit set in advance, and if the total of the charges has not reached the upper limit, the processing proceeds to step S702. Incidentally, in step S701, instead of determining whether or not the total of charges has reached the upper limit, for example, the upper controller 261 may determine whether or not there is any room in a storage area of charge information in the storage module 311, and if there is room in the storage area, the processing may proceed to step S702. In addition, in step S701, the upper controller 261 may determine whether or not a number of charge information (i.e., a number of times of purchases) stored in the storage module 311 has reached a number (of upper limit) set in advance.

In step S702, the upper controller 261 reads out a public key certificate of the content provider 2 included in the content provider secure container in the mass storage section 266, and transmits the read out public key certificate of the content provider 2 to the encryption processing section 301 in the electronic distribution only recording medium 251. Thus, in the encryption processing section 301 in the electronic distribution only recording medium 251, the control section 310 verifies a signature of the public key certificate of the content provider 2 in the signature verification unit 324 in the encryption/decryption module 315, and if it is confirmed that no tamper is made to the public key certificate as a result of the verification of the signature, takes out a public key of the content provider 2 included in the public key certificate, and the processing proceeds to step S703.

In step S703, the upper controller 261 reads out key data of the contents included in the content provider secure container in the mass storage section 266, and transmits the read out key data to the encryption processing section 301 in the electronic distribution only recording medium 251. Thus, in the encryption processing section 301 in the electronic distribution only recording medium 251, the upper controller 261 verifies a signature of the key data in the signature verification unit 324 in the encryption/decryption module 315, and if it is confirmed that no tamper is made to the key data as a result of the verification of the signature, the processing proceeds to step S704.

In step S704, the upper controller 261 reads out a handling policy of the contents included in the content provider secure container in the mass storage section 266, and transmits the read out handling policy to the encryption processing section 301 in the electronic distribution only recording medium 251. Thus, in the encryption processing section 301 in the electronic distribution only recording medium 251, the control section 310 verifies a signature of the handling policy in the signature verification unit 324 in the encryption/decryption module 315, and if it is confirmed that no tamper is made to the handling policy as a result of the verification of the signature, the processing proceeds to step S705.

In step S705, the upper controller 261 reads out a public key certificate of the service provider 3 included in the service provider secure container in the mass storage section 266, and forwards the read out public key certificate of the service provider 3 to the encryption processing section 301 in the electronic distribution only recording medium 251. Thus, in the encryption processing section 301 in the electronic distribution only recording medium 251, the control section 310 verifies a signature of the public key certificate of the service provider 3 in the signature verification unit 324 in the encryption/decryption module 315, and if it is confirmed that no tamper is made to the key data as a result of the verification of the signature, the processing proceeds to step S706.

In step S706, the upper controller 261 reads out price information of the contents included in the service provider secure container in the mass storage section 266, and transmits the read out price information to the encryption processing section 301 in the electronic distribution only recording medium 251. Thus, in the encryption processing section 301 in the electronic distribution only recording medium 251, the control section 310 verifies a signature of the price information in the signature verification unit 324 in the encryption/decryption module 315, and if it is confirmed that no tamper is made to the handling policy as a result of the verification of the signature, the processing proceeds to step S707.

In step S707, the upper controller 261 displays information of purchasable contents in the displaying means 265, and when a user selects and designates desired contents via the inputting means 264, generates a purchase command corresponding to the selected and designated contents, and sends it to the encryption processing section 301 in the electronic distribution only recording medium 251. Thus, the control section 310 of the encryption processing section 301 generates charge information and license conditions information based on the handling policy (the handling policy whose signature was verified in step S704) and the price information (the price information whose signature was verified in step S706) in the purchase processing module 313, and the processing proceeds to step S708. Incidentally, selection and designation of desired contents by a user via the inputting means 264 may be performed in advance prior to the purchase processing.

In step S708, the control section 310 in the encryption processing section in the electronic distribution only recording medium 251 saves the charge information (the charge information generated in step S707) in the storage module 311, and in the subsequent step S709, forwards the license conditions information (the license conditions information generated in step S707) to the external memory 303 via the external memory control section 302, thereby writing the license conditions information in the external memory 303. In addition, the license conditions information may be written in a tamper prevention region (as in the external memory of FIG. 16) in the same manner as writing the data described above in FIG. 69. Incidentally, the license conditions information may be saved in the storage module 311 of the encryption processing section 301 in the electronic distribution only recording medium 251.

In step S710, the control section 310 of the encryption processing section 301 in the electronic distribution only recording medium 251 decrypts the encrypted individual key K_(i) included in the key data (the key data whose signature was verified in the above-mentioned step S703) using the delivery key K_(d) (the delivery key K_(d) that was confirmed effective in the above-mentioned step S700) in the decryption unit 320 of the encryption/decryption module 315.

Then, in the decryption unit 320, the control section 310 decrypts the encrypted content key K_(co) included in the key data using the individual key K_(i) that was previously decrypted. Subsequently, the control section 310 gives the decrypted content key K_(co) and the save key K_(save) stored in the storage module 311 to the encryption unit 321, and encrypts the content key K_(co) using the save key K_(save) in the encryption unit 321.

In step S711, the control section 310 of the encryption processing section 301 in the electronic distribution only recording medium 251 forwards the content key K_(co) encrypted by the save key K_(save) in step S710 to the external memory 303 via the external memory control section 302, and saves the encrypted content key K_(co) in the external memory 303, and the processing proceeds to step S712. In addition, the content key K_(co) encrypted by the save key K_(save) may be written in a tamper prevention region (as in the external memory of FIG. 16) in the similar manner as at the time of writing data described above in FIG. 69. Incidentally, the content key K_(co) encrypted by the save key K_(save) may be saved in the storage module 311 of the encryption processing section 301 in the electronic distribution only recording medium 251.

In step S712, the upper controller 261 in the record reproduction apparatus 250 reads out the encrypted contents included in the content provider secure container in the mass storage section 266, and forwards the read out encrypted contents to the electronic distribution only recording medium 251, thereby storing the encrypted contents in the external memory 303 in the electronic distribution only recording medium 251.

Incidentally, in the step S712, the upper controller 261 may save the handling policy whose signature was verified in corresponding step S704 and the price information whose signature was verified in step S706 in the external memory 303 together with the encrypted contents. In addition, the encrypted contents (or, the contents and the handling policy as well as the price information) may not be saved in the external memory 303 in the step S712, and may be saved in the external memory 303 in a step prior to the step S712.

In such purchase processing, if an effective period of the delivery key K_(d) is expired in step S700, if the total of charges of the charge information has reached the upper limit in step S701, if it is decided in step S702 that the public key certificate of the content provider 2 is not correct, if it is decided in step S703 that the signature of the key data is not correct, if it is decided in step S704 that the signature of the handling policy is not correct, if it is decided in step S705 that the public key certificate of the service provider 3 is not correct, and if it is decided in step S706 that the signature of the price information is not correct, the processing proceeds to step S713 in each case, where error processing is executed. Incidentally, in such purchase processing, although a case in which a signature of contents is not verified is shown, the signature of the contents may be verified in any of the steps prior to saving the contents in the external memory 303.

Incidentally, if data is transmitted and received between the record reproduction apparatus 250 and the electronic distribution only recording medium 251, a signature is attached to the data on the transmission side, and the signature is verified on the receiving side.

As described above, the record reproduction apparatus 250 executes the purchase processing in the electronic distribution only recording medium 251, thereby recording the contents encrypted by the content key K_(co) in the external memory 303 of the electronic distribution only recording medium 251 and the content key K_(co) encrypted by the save key K_(save) peculiar to the encryption processing section 301 of the electronic distribution only recording medium 251.

In addition, reproduction processing executed in the record reproduction apparatus 250 will be described with reference to a flow chart shown in FIG. 94. In step S720, the upper controller 261 in the record reproduction apparatus 250 forwards an ID of the contents that is instructed by a user via the inputting means 264 to be reproduced to the encryption processing section 301 in the electronic distribution only recording medium 251.

In step S721, by forwarding an ID of the contents given from the upper controller 261 to the external memory control section 302, the control section 310 of the encryption processing section 301 in the electronic distribution only recording medium 251 reads out the encrypted content key K_(co) and license conditions information corresponding to the ID from the external memory 303 via the external memory control section 302, and forwards the read out encrypted content key K_(co) to the decryption unit 320 of the encryption/decryption module 315, and at the same time, forwards the license information to the control section 310. Further, the external memory control section 302 may perform tamper check in the similar manner as at the time of reading out data described above for FIG. 68 when reading out the encrypted content key K_(co) and license conditions information from the external memory 303. Incidentally, in the electronic distribution only recording medium 251, the encrypted content key K_(co) and the license conditions information may be held in the storage module 311 of the encryption processing section 301 and may be read out from the storage module 311.

In addition to this, the control section 310 of the encryption processing section 301 retrieves charge information in the storage module 311 based on an ID of the contents in step S722, and in the subsequent step S723, determines whether or not there is charge information corresponding to the ID of the contents in the storage module 311, and if the charge information corresponding to the ID has already been collected by the electronic distribution service center 1 and does not exist in the storage module 311, the processing proceeds to step S724.

In step S724, the control section 310 of the encryption processing section 301 updates the license conditions information, if necessary. That is, if utilization right contents included in the license conditions information is, for example, a number of times right, the control section 310 indicates to subtract the number of times of reproduction indicated by the number of times right. Then, the encryption processing section 301 saves the updated license conditions information in the external memory 303 via the external memory control section 302. At this point, the external memory control section 302 may perform tamper check as at the time of rewriting data described above for FIG. 70. Incidentally, the license conditions information may be updated and saved in the storage module 311 of the encryption processing section 301.

Subsequently, in step S725, the control section 310 of the encryption processing section 301 in the electronic distribution only recording medium 251 performs mutual authentication with the encryption processing section 262 of the record reproduction apparatus 250 using each other's mutual authentication modules 314 and 274, and shares the temporary key K_(temp1), and the processing proceeds to step S726. Incidentally, since the mutual authentication processing procedures were described above for FIG. 51, their detailed description is omitted.

In step S726, the control section 310 of the encryption processing section 301 in the electronic distribution only recording medium 251 decrypts the encrypted content key K_(co) by the save key K_(save) stored in the storage module 311 in the decryption unit 320, and forwards the decrypted content key K_(co) to the encryption unit 321. Then, the control section 310 encrypts the content key K_(co) in the encryption unit 321 using the temporary key K_(temp1) shared with the mutual authentication module 274 in step S625, and the processing proceeds to step S727.

In step S727, the control section 310 of the encryption processing section 301 in the electronic distribution only recording medium 251 transmits the content key K_(co) encrypted by the temporary key K_(temp1) to the encryption processing section 262 of the record reproduction apparatus 250.

In step S728, the control section 270 of the encryption processing section 262 in the record reproduction apparatus 250 takes the encrypted content key K_(co) transmitted from the electronic distribution only recording medium 251 in the decryption processing unit 280 of the encryption/decryption module 275, in step S725, decrypts the encrypted content key K_(co) using the temporary key K_(temp1) shared with the mutual authentication module 314 in the decryption unit 280, and forwards the decrypted content key K_(co) to the encryption unit 281.

Then, in step S729, the control section 270 of the encryption processing section 262 in the record reproduction apparatus 250 performs mutual authentication with the extension section 263 using each other's mutual authentication modules 274 and 290, and shares the temporary key K_(temp2). Incidentally, since the mutual authentication processing procedures were described above for FIG. 51, their detailed description is omitted.

Thus, in step S730, the control section 270 of the encryption processing section 262 in the record reproduction apparatus 250 encrypts the content key K_(co) using the temporary key K_(temp2) shared with the extension section 263 by the encryption unit 281, thereby forwarding the encrypted content key K_(co) to the extension section 263 in the subsequent step S731.

In step S732, the key decryption module 291 of the extension section 263 takes in the encrypted content key K_(co) given by the encryption processing section 262, decrypts the encrypted content key K_(co) using the temporary key K_(temp2) shared with the encryption processing section 262, and forwards the decrypted content key K_(co) to the decryption module 292.

In step S733, the decryption module 292 of the extension section 263 is at this point given the encrypted contents read out from the external memory 303 in the electronic distribution only recording medium 251 by the upper controller 261, decrypts the encrypted contents using the content key K_(co) given by the key decryption module 291, and forwards the decrypted contents to the extension module 293.

In step S734, the extension module 293 of the extension section 263 extends the contents given by the decryption module 292 by a predetermined method such as ATRAC, and forwards the extended contents to the electronic watermark addition module 294. In step S735, the electronic watermark module 294 of the extension section 263 inserts predetermined data such as an ID of the encryption processing section 301 of the electronic distribution only recording medium 251 instructed by the control section 270 of the encryption processing section 262 in the form of an electronic watermark in the extended contents given by the extension module 293.

Then, in step S736, by forwarding the contents obtained in the extension section 263 to, for example, a speaker (not shown), the upper controller 261 of the record reproduction apparatus 250 generates music based on the contents via the speaker. Thus, the record reproduction apparatus 250 can reproduce contents in this way.

Here, if charge information corresponding to the ID of the contents is stored in the storage module 311 in step S723, the control section 310 of the encryption processing section 301 in the electronic distribution only recording medium 251 refers to the reproduction limitation at the time when charge information is uncollected in step S737, and determines whether or not the contents whose charge information is uncollected satisfy reproduction available conditions.

Then, if the contents do not satisfy the reproduction available conditions (i.e., if the contents have already been reproduced for the number of times defined in the reproduction limitation, or if a reproduction available period has lapsed), the control section 310 of the encryption processing section 301 terminates this reproduction processing. On the other hand, if the contents satisfy the reproduction available conditions (i.e., if the number of times of reproduction of the contents is less than the number of times defined by the reproduction limitation), the processing proceeds to step S724, where the control section 310 updates the license conditions information, if necessary. Incidentally, the reproduction limitation to be used when charge information is uncollected may be held in the storage module 311 of the encryption processing section 301 in the electronic distribution only recording medium 251 or the external memory 303, or may be stored in data of a handling policy or price information, or the like.

Incidentally, the electronic distribution only recording medium 251 may be provided in the home server 51 described above for FIG. 15 or the fixed apparatus 52.

As described above, although, in the record reproduction apparatus 250, the contents encrypted by the content key K_(co) and the content key K_(co) can be generated from the electronic distribution only recording medium 251 and the contents encrypted by the content key K_(co) can be decrypted by the content key K_(co), until charge information is collected, the content can be utilized in accordance with the reproduction limitation set in advance, and after the charge information is collected, the content can be utilized in accordance with utilization right contents purchased by the purchase processing.

In the above-mentioned configuration, the electronic music distribution system 10 is provided with the record reproduction apparatus 250 to which the electronic distribution only recording medium 251 is detachably inserted as an apparatus in the user home network 5, and when the contents encrypted by the content key K_(co), the content key K_(co) encrypted by the individual key K_(i) and the individual key K_(i) encrypted by the delivery key K_(d) (i.e., a content provider secure container and a service provider secure container) are transmitted from the service provider 3, controls the electronic distribution only recording medium 251 by the record reproduction apparatus 250 to execute purchase processing, records the contents encrypted by the content key K_(co) in the electronic distribution only recording medium 251 in the external memory 303, and at the same time, decrypts the individual key K_(i) encrypted by the delivery key K_(d) by the delivery key K_(d), decrypts the content key K_(co) encrypted by the individual key K_(i) by the individual key K_(i), and encrypts the decrypted content key K_(co) by the save key K_(save) peculiar to the electronic distribution only recording medium 251 to record in the external memory 303. Incidentally, in the electronic distribution only recording medium 251, the save key K_(save) is saved in the storage module 311 of the encryption processing section 301 having tamper resistant feature in the electronic distribution only recording medium 251.

In addition, by controlling the electronic distribution only recording medium 251 at the time of reproduction processing, the record reproduction apparatus 250 reads out the contents encrypted by the contents key K_(co) and the content key K_(co) encrypted by the save key K_(save) from external memory 303, decrypts the content key K_(co) encrypted by the save key K_(save) by the save key K_(save), thereby taking out the contents encrypted by the content key K_(co) and the decrypted content key K_(co) in the electronic distribution only recording medium 251. Then, the record reproduction apparatus 250 decrypts the contents encrypted by the content key K_(co) using the content key K_(co) using the encryption processing section 262 and the extension section 263.

Therefore, in the electronic music distribution system 10, although the contents encrypted by the content key K_(co) and the content key K_(co) encrypted by the save key K_(save) are recorded in the external memory 303 by the record reproduction apparatus 250 in the electronic distribution only recording medium 251, since the contents encrypted by the content key K_(co) and the decrypted content key K_(co) are read out from the electronic distribution only recording medium 251, it is not necessary to save a save key peculiar to the encryption processing section 262 in the record reproduction apparatus 250. Thus, in the electronic music distribution system 10, since other apparatuses different from the record reproduction apparatus 250 in which the electronic distribution only recording medium 251 records contents can reproduce the contents using the electronic distribution only recording medium 251 if the apparatuses have the encryption processing section 262 and the extension section 263 similar to those of the record reproduction apparatus 250, generality of the electronic distribution only recording medium 251 can be dramatically improved.

In addition, in the electronic distribution only recording medium 251, even if contents or a content key K_(co) is illegally read out from the external memory 303, by holding the save key K_(save) used in encrypting the content key K_(co) for decrypting contents in the storage module 311 in the encryption processing section 301 having tamper resistant feature, the save key K_(save) can be prevented from being illegally read out, thereby enabling to prevent the contents from being illegally utilized.

Moreover, in the electronic music distribution system 10, due to the increased generality of the electronic distribution only recording medium 251, until charge information for contents recorded in the electronic distribution only recording medium 251 is collected, by limiting utilization of the contents (limiting a number of times and a period of reproduction and copying), illegal utilization of the contents can be prevented while the charge information is uncollected.

According to the above-mentioned configuration, a save key K_(save) peculiar to the electronic distribution only recording medium 251 detachably inserted in the record reproduction apparatus 250 is held in the electronic distribution only recording medium 251, the record reproduction apparatus 250 transmits the contents encrypted by the content key K_(co), the content key K_(co) encrypted by the individual key K_(i), and the individual key K_(i) encrypted by the delivery key K_(d) to the electronic distribution only recording medium 251 at the time of purchase processing, and in the electronic distribution only recording medium 251, after recording the contents encrypted by the content key K_(co) in the external memory 303 and decrypting the encrypted individual key K_(i) by the delivery key K_(d), decrypts the encrypted content key K_(co) by the individual key K_(i), encrypts the obtained content key K_(co) by the save key K_(save) to record in the external memory 303, and takes out the contents encrypted by the content key K_(co) and the content key K_(co) decrypted by the save key K_(save) from the electronic distribution only recording medium 251 at the time of reproduction processing to decrypt the contents, thereby enabling reproduction of the contents from the electronic distribution only recording medium 251 even if the electronic distribution only recording medium 251 is inserted in another record reproduction apparatus 250 different from the record reproduction apparatus 250 used for recording the contents, thus an electronic music distribution system that can dramatically increase generality of the electronic distribution only recording medium 251 can be realized.
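The key handling summarized above (steps S710 to S712 at purchase, steps S721 to S733 and the S737 gate at reproduction) can be traced in a short model; this is an added example, not code from the patent. Assumptions: the HMAC-SHA256 `wrap`/`unwrap` pair is a stand-in for the unspecified cipher, a random `k_temp1` stands in for the key shared by mutual authentication, and the signature checks, license conditions update and the K_(temp2) hop are left out; all class and function names are hypothetical.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream built from HMAC-SHA256 (stand-in cipher, assumption).
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    stream = _keystream(key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt; raises ValueError on a wrong key or tampering."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


@dataclass
class Medium:
    """Hypothetical model of recording medium 251."""
    k_d: bytes = b""                                               # delivery key K_d
    k_save: bytes = field(default_factory=lambda: os.urandom(32))  # never leaves 311
    charge_info: dict = field(default_factory=dict)                # storage module 311
    external: dict = field(default_factory=dict)                   # external memory 303

    def purchase(self, cid, enc_k_i, enc_k_co, enc_content, play_limit):
        k_i = unwrap(self.k_d, enc_k_i)      # S710: K_d opens K_i
        k_co = unwrap(k_i, enc_k_co)         # S710: K_i opens K_co
        self.charge_info[cid] = {"plays": 0, "limit": play_limit}  # S708
        self.external[cid] = {               # S711, S712
            "k_co_saved": wrap(self.k_save, k_co),
            "content": enc_content,
        }

    def collect_charges(self):
        """Service center (or a proxy) takes the charge information away."""
        collected, self.charge_info = self.charge_info, {}
        return collected

    def release_key(self, cid, k_temp1):
        entry = self.external[cid]           # S721
        charge = self.charge_info.get(cid)   # S722, S723
        if charge is not None:               # S737: charge still uncollected
            if charge["plays"] >= charge["limit"]:
                raise PermissionError("reproduction limit reached")
            charge["plays"] += 1
        k_co = unwrap(self.k_save, entry["k_co_saved"])  # S726
        return wrap(k_temp1, k_co), entry["content"]     # S727


def player_reproduce(medium, cid):
    """Any player with sections 262/263; it holds no K_save of its own."""
    k_temp1 = os.urandom(32)                 # assumed result of S725
    wrapped, enc_content = medium.release_key(cid, k_temp1)
    k_co = unwrap(k_temp1, wrapped)          # S728
    return unwrap(k_co, enc_content)         # S733


def demo():
    k_d, k_i, k_co = os.urandom(32), os.urandom(32), os.urandom(32)
    song = b"constructed sample audio frames"  # constructed sample content
    medium = Medium(k_d=k_d)
    medium.purchase("song-1", wrap(k_d, k_i), wrap(k_i, k_co),
                    wrap(k_co, song), play_limit=1)
    first = player_reproduce(medium, "song-1")
    try:
        player_reproduce(medium, "song-1")
        blocked = False
    except PermissionError:
        blocked = True                       # second play refused before collection
    medium.collect_charges()
    after = player_reproduce(medium, "song-1")
    return first, blocked, after


if __name__ == "__main__":
    print(demo())
```

The player never sees K_(save); a copy of the external memory alone yields only the content key wrapped under a key that stays inside the medium.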

Incidentally, in such an electronic music distribution system 10, the delivery key K_(d) is not held in the electronic distribution only recording medium 251, or the delivery key K_(d) is not used even if it is held, and after decrypting the content key K_(co) encrypted by the individual key K_(i) by the individual key K_(i) at the time of recording contents by the record reproduction apparatus 250, the content key K_(co) may be encrypted using the temporary key K_(temp) mutually authenticated and shared with the electronic distribution only recording medium 251, and the content key K_(co) encrypted by the temporary key K_(temp) may be transmitted to the electronic distribution only recording medium 251 together with the contents encrypted by the content key K_(co).

In addition, although the content provider 2 is applied as an information transmission apparatus in the present invention, the content provider 2 and the service provider 3 may be applied as the information transmission apparatus.

(8) Proxy Processing of Charge Information and Managed Transfer Processing of a Utilization Right

The electronic distribution only recording medium 251 described above for FIG. 92, for example, when inserted in the home server 51 that is a management apparatus in the user home network 5 that is the data management system described above for FIG. 15 as an apparatus to be connected to the electronic distribution service center 1, can transmit charge information held in the storage module 311 of the encryption processing section 301 to the home server 5, thus can cause the electronic distribution service center 1 to collect the charge information from the home server 51.

Thus, in the electronic distribution only recording medium 251, although, when holding charge information, for preventing illegal utilization of contents, a utilization right of the contents (a right for reproducing the contents) cannot be transferred to another apparatus (transfer with limitation, managed transfer) together with the contents, or deleted (deletion cannot be executed unless the charge processing is completed), when transmitting the charge information to the home server 51 in this way, the utilization right of the contents can be transferred to another apparatus (transfer with limitation, managed transfer) together with the contents corresponding to the charge information in accordance with the transfer processing procedures of the managed transfer right described above for FIG. 82.

Incidentally, when a utilization right of contents is transferred to another apparatus together with the contents from the electronic distribution only recording medium 251, an apparatus having obtained the contents and their utilization right can return the contents and their utilization right only to the electronic distribution only recording medium 251, if necessary. However, since the electronic distribution only recording medium 251 can be carried freely, it is sometimes difficult to easily return the contents and their utilization right from another apparatus.

Therefore, for example, the home server 51 (FIG. 15) as an apparatus in the user home network 5 connected to the electronic distribution service center 1, when taking in charge information held in the electronic distribution only recording medium 251, takes in corresponding contents and their utilization right altogether from the electronic distribution only recording medium 251, and manages the taken in contents and their utilization right on behalf of the electronic distribution only recording medium 251.

Actually, proxy processing of charge information executed in the home server 51 and transfer (transfer with limitation, managed transfer) of a right (utilization right) for reproducing contents will be described with reference to a flow chart shown in FIG. 95. In step S740, the electronic distribution only recording medium 251 is inserted in the home server 51, and when a user inputs an execution instruction of proxy processing of charge information and transfer processing of a utilization right via the inputting means 63 in this state, with the upper controller 62 controlling the home server 51 and the electronic distribution only recording medium 251, the control section 91 of the encryption processing section 65 in the home server 51 mutually authenticates with the encryption processing section 301 in the electronic distribution only recording medium 251 using each other's mutual authentication modules 95 and 314 and shares the temporary key K_(temp).

Then, in step S741, the control section 310 of the encryption processing section 301 in the electronic distribution only recording medium 251 forwards the charge information held in the storage module 311 to the encryption unit 321 in the encryption/decryption module 315, encrypts the charge information by the temporary key K_(temp) in the encryption unit 321, and forwards the encrypted charge information to the signature generation unit 323.

In addition, the control section 310 of the encryption processing section 301 reads out an ID of a content provider, an ID of a handling policy and a handling policy corresponding to a version of the handling policy included in the charge information, and an ID of a service provider, an ID of price information and price information corresponding to a version of the price information from the external memory 303 via the external memory control section 302, and forwards the read out handling policy and price information to the signature generation unit 323. Thus, the control section 310 of the encryption processing section 301 attaches signatures to the charge information and the handling policy encrypted by the temporary key K_(temp) as well as the entire price information (or individually) in the signature generation unit 323, and transmits the charge information and the handling policy as well as the price information to which the signatures are attached to the upper controller 62 of the home server 51 via the communication section 300.

Incidentally, in the electronic distribution only recording medium 251, since a third party illegally obtains profit if charge information is tampered with during transmission, a signature is always attached to the charge information and whether or not tampering has occurred is checked. In addition, since there is no specific hindrance even if contents of the charge information are seen, the charge information may be sent without encryption. In the home server 51, proxy processing of charge information and transfer processing of a utilization right can be executed without using a handling policy and price information. Therefore, in the electronic distribution only recording medium 251, the handling policy and the price information may be transmitted to the home server 51, if necessary.

In step S742, the upper controller 62 of the home server 51 forwards the charge information and the handling policy as well as the price information transmitted from the electronic distribution only recording medium 251 to the control section 91 of the encryption processing section 65. Thus, the control section 91 verifies the signatures attached to the charge information and the handling policy as well as the price information in the signature verification unit 115 in the encryption/decryption module 96, and if these have not been tampered with, decrypts the charge information encrypted by the temporary key K_(temp) by the temporary key K_(temp).

Then, in step S743, the control section 310 of the encryption processing section 301 in the electronic distribution only recording medium 251 retrieves an ID of contents indicated by the charge information (the charge information transmitted to the home server 51 in step S741, which remains as it is unless deleted in the storage module 311) held in the storage module 311 at this point in step S742, and reads out all corresponding license conditions information and contents encrypted by the content key K_(co) from the external memory 303 via the external memory control section 302 based on the retrieved ID of the contents.

By forwarding the read out content key K_(co) to the decryption unit 320 of the encryption/decryption module 315, the control section 310 of the encryption processing section 301 decrypts the content key K_(co) encrypted by the save key K_(save) by the save key K_(save) held in the storage module 311 in the decryption unit 320, and then encrypts the decrypted content key K_(co) by the temporary key K_(temp) in the encryption unit 321. Then, after attaching signatures to the content key K_(co) together with the license conditions information and the encrypted contents read out from the external memory 303 in the signature generation unit 323, the control section 310 transmits them to the home server 51 via the communication section 300. Incidentally, signatures may be attached to the license conditions information, the contents and the content key K_(co) individually, or may be attached to the entirety of the license conditions information, the contents and the content key K_(co). Moreover, a signature may be attached to contents.

Subsequently, in step S744, the control section 91 of the encryption processing section 65 in the home server 51 takes in the license conditions information and the encrypted contents transmitted from the electronic distribution only recording medium 251 as well as the content key K_(co) encrypted by the temporary key K_(temp) via the upper controller 62, and after verifying the signatures attached to the license conditions information and the encrypted contents as well as the content key K_(co) encrypted by the temporary key K_(temp) in the signature verification unit 115, if these have not been tampered with, decrypts the content key K_(co) encrypted by the temporary key K_(temp) by the temporary key K_(temp).

Thus, in step S745, the upper controller 62 in the home server 51 saves in the mass storage section 68 the contents encrypted by the content key K_(co) obtained from the encryption processing section 65 (the contents whose signature was verified in step S744) and the handling policy and the price information obtained if necessary (the handling policy and the price information whose signatures were verified in step S742). Incidentally, in step S745, recording processing in the mass storage section 68 to be executed may be executed immediately after data is transmitted in steps S741 and S743.

In addition, in step S746, the control section 91 of the encryption processing section 65 in the home server 51 saves the charge information (the charge information whose signature was verified in step S742) in the storage module 92, and at the same time, changes the ID of the encryption section (the ID of the encryption section of the apparatus that applied purchase processing to the contents) stored in the license conditions information (the license conditions information whose signature was verified in step S744) to its own ID (i.e., the ID of the encryption processing section 65 in the home server 51) to update the license conditions information.

Then, in step S747, the control section 91 of the encryption processing section 65 in the home server 51 encrypts the content key K_(co) (the content key K_(co) decrypted in step S744) by the save key K_(save) held in the storage module 92 in the encryption unit 112 in the encryption/decryption module 96, and saves the license conditions information (the license conditions information updated in step S746) in the external memory 67 together with the encrypted content key K_(co) via the external memory control section 97. Incidentally, since the tamper check upon writing data in the external memory 67 is executed in the similar manner as in the processing procedures described above for FIG. 69, its description is omitted.

Then, in step S748, the control section 91 of the encryption processing section 65 in the home server 51 saves the charge information, the encrypted contents, the content key K_(co), the license conditions information, the handling policy and the price information transmitted from the electronic distribution only recording medium 251 respectively in this way, and transmits processing completion data indicating that the proxy processing of the charge information and the transfer of the utilization right have been completed to the electronic distribution only recording medium 251 via the upper controller 62.

Thus, in step S749, when receiving the processing completion data transmitted from the home server 51, the control section 310 of the encryption processing section 301 in the electronic distribution only recording medium 251 deletes the contents encrypted by the content key K_(co), the content key K_(co) encrypted by the save key K_(save), the license conditions information (i.e., the license conditions information transmitted to the home server 51 in step S743), and the handling policy and the price information (i.e., those transmitted to the home server 51 in step S742), if necessary, in the external memory 303 respectively via the external memory control section 302. Incidentally, since the tamper check at the time of deleting data in the external memory 303 is executed in the similar manner as in the processing procedures described above for FIG. 71, its description is omitted.

In addition to this, in step S750, the control section 310 of the encryption processing section 301 in the electronic distribution only recording medium 251 deletes the charge information (i.e., the charge information transmitted to the home server 51 in step S741) in the storage module 311, thereby completing the processing procedures.

As described above, in the electronic distribution only recording medium 251, by transmitting the charge information held in the storage module 311 in the encryption processing section 301 to the home server 51 together with the corresponding contents and the content key K_(co), as well as the license conditions information to the home server 51, and at this point, deleting the charge information, the contents, the content key K_(co) and the license conditions information transmitted to the home server 51 from the inside storage module 311 and the external memory 303, the contents are managed by the home server 51.

Then, in the home server 51, when the contents were taken in from the electronic distribution only recording medium 251, since the ID of the encryption processing section of the license conditions information taken in together with the contents was changed and the home server 51 itself was made an owner of the contents, the contents can be transferred to another apparatus in accordance with the transfer processing procedures of the managed transfer right described above for FIG. 82, and the contents returned from each apparatus can be taken in accordance with the return processing procedures of the managed transfer right described above for FIG. 83.

In the above-mentioned configuration, the electronic music distribution system 10 caused the electronic distribution only recording medium 251 to execute purchase processing using the record reproduction apparatus 250 that is a recording apparatus, and causes the electronic distribution only recording medium 251 to hold a right for reproducing contents, license conditions information and charge information together with the contents. Then, in order to cause the electronic distribution service center 1 to collect the charge information held by the electronic distribution only recording medium 251, when the electronic distribution only recording medium 251 is inserted in the home server 51 in the user home network 5, the home server 51 takes in the charge information held in the electronic distribution only recording medium 251 together with the corresponding contents, utilization right and license conditions information to manage the contents instead of the electronic distribution only recording medium 251.

Therefore, in the electronic music distribution system 10, contents of which the home server 51 takes up management from the electronic distribution only recording medium 251 in the user home network 5 and its utilization right can be managed and transferred to another apparatus, recording medium or electronic distribution recording medium 251, and at the same time, these apparatuses, recording medium and electronic distribution only recording medium 251 can return the contents to the home server 51, thus the contents obtained by purchase processing in the electronic distribution only recording medium 251 can be easily utilized for another apparatus, recording medium and the electronic distribution only recording medium 251 in the user home network 5 under the management of the home server 51.

In addition, in the electronic distribution only recording medium 251, since limitation is attached to a purchased utilization right if charge information is held, the charge information needs to be collected by the home server 51 connected to the electronic distribution service center 1. Then, in the electronic distribution only recording medium 251, if management of the corresponding contents is transferred to the home server 51, free regions are easily secured in the external memory 302, thus unnecessary deletion of already held contents can be prevented in the purchase processing of contents.

Moreover, in the user home network 5, since the contents that are subjected to purchase processing and obtained in the electronic distribution only recording medium 251 are stored and managed in this way by the home server 51, contents more than the volume that can be held in the electronic distribution only recording medium 251 (i.e., depending on a storage volume of the external memory 303) can be easily owned.

According to the above-mentioned configuration, by moving the contents that are subjected to purchase processing and held in the electronic distribution only recording medium 251 using the record reproduction apparatus to the home server 51 in the user home network 5 together with their charge information, and managing and concurrently storing the contents in the home server 51, the contents whose management is taken up from the electronic distribution only recording medium 251 can be managed and transferred to another apparatus, recording medium or electronic distribution only recording medium 251 in the user home network 5, thus an electronic music distribution system in which the contents recorded in the electronic distribution only recording medium 251 can be easily utilized by various kinds of apparatuses such as another apparatus and recording medium in the user home network 5 can be realized.

(9) Online Charge Purchase Processing

In such an electronic music distribution system 10, a system can be constructed by connecting online the electronic distribution service center 1 that is an information control apparatus and the service provider 3 that is an information transmission apparatus via a network, and at the same time, connecting online the service provider 3 and the home network 5 (actually, the home server 51 that is an information receiving apparatus).

A flow of data through the entire electronic music distribution system 10, when constructed, is shown in FIG. 96. Since the transmission of data from the content provider 2 to the service provider 3, and the transmission of data from the service provider 3 to the user home network 5 are similar to the data flow described above for FIG. 20, their detailed descriptions are omitted.

The user home network 5 (the home server 51) encrypts charge information, attaches a signature to the encrypted charge information, and transmits it to the electronic distribution service center 1 via the service provider 3. Incidentally, although information required in the electronic distribution service center 1 such as information required for settlement is included in the handling policy and the price information used for purchase processing, since such various kinds of information are also included in the charge information, the user home network 5 (the home server 51) is made not to transmit handling policy and price information to the electronic distribution service center 1 at the time of purchase processing.

In addition, update of a delivery key K_(d) and registration information (not shown) is also performed between the electronic distribution service center 1 and the user home network 5 via the service provider 3. Thus, the user home network 5 does not need to switch a communication route to be used in communicating data with the service provider 3 and the electronic distribution service center 1 and can reduce processing of a communication section compared with the example of an establishment of a system described for FIG. 1.

Incidentally, in the case in which transmission and reception of data are performed between the user home network 5 (the home server 51) and the electronic distribution service center 1, the service provider 3 is used as a communication route between the user home network 5 (the home server 51) and the electronic distribution service center 1, and the data cannot be tampered with.

Here, in the home server 51 in the user home network 5, in some cases, charge information generated by purchase processing is saved in the storage module 92 in the encryption processing section 65 and the saved charge information (which may be a plurality of pieces) is transmitted to the electronic distribution service center 1 altogether at a predetermined timing, and in other cases, the generated charge information is transmitted to the electronic distribution service center 1 while performing purchase processing. Incidentally, in some cases, in online charge purchase processing for transmitting the generated charge information to the electronic distribution service center 1 while performing purchase processing, whether or not to execute the online charge purchase processing is described in the handling policy or the price information.

The online charge purchase processing to be executed in the home server 51 will be described with reference to a flow chart shown in FIG. 97. In step S760, the control section 91 of the encryption processing section 65 in the home server 51 decides an effective period (version) of the delivery key K_(d) stored in the storage module 92 under the control of the upper controller 62, and if the delivery key K_(d) is effective, the processing proceeds to step S761.

In step S761, the control section 91 of the encryption processing section 65 determines whether or not a total of charges of the charge information stored in the storage module 92 has reached an upper limit set in advance, and if the total of the charges has not reached the upper limit, the processing proceeds to step S762. Incidentally, since the charge information is not saved in the storage module 92 if the charge information generated at this point is transmitted to the electronic distribution service center 1 while performing purchase processing, the control section 91 of the encryption processing section 65 does not execute the processing of step S761, and the processing proceeds to step S762.

Since steps S762 through S766 execute processing similar to steps S162 through S169 described above for FIG. 67, respectively, their detailed descriptions are omitted. In step S767, the upper controller 62 of the home server 51 displays information (e.g., a purchasable utilization form, price or the like) of purchasable contents using the displaying means 64, thus, a user can select a purchase item using the inputting means 63. Then, a signal inputted from the inputting means 63 is forwarded to the upper controller 62 of the home server 51, and the upper controller 62 generates a purchase command based on the signal and forwards the purchase command to the control section 91 of the encryption processing section 65. Incidentally, such input processing may be performed at the start of online charge purchase processing.

When the purchase command is given by the upper controller 62, the control section 91 of the encryption processing section 65 generates charge information and license conditions information based on the handling policy whose signature was verified in step S764 and the price information whose signature was verified in step S766. Incidentally, at this point, the control section 91 generates charge information and license conditions information using a RAM (Random Access Memory) for executing data processing provided in the encryption processing section 65, and holds the generated charge information and the license conditions information in the RAM as they are.

Then, in step S768, the control section 91 of the encryption processing section 65 in the home server 51 mutually authenticates with the mutual authentication section 17 of the electronic distribution service center 1 using the mutual authentication module 95, and shares the temporary key K_(temp) with the electronic distribution service center 1.

Subsequently, in step S769, after encrypting the charge information by the temporary key K_(temp) using the encryption unit 112 of the encryption/decryption module 96, the control section 91 of the encryption processing section 65 in the home server 51 attaches a signature using the signature generation unit 114, and transmits the charge information to the electronic distribution service center 1 via the service provider 3. Incidentally, the home server 51 encrypts the charge information by the temporary key K_(temp) prior to the transmission to the electronic distribution service center 1. This is for the purpose of protecting privacy of a user purchasing the contents. In addition, the home server 51 sometimes transmits unencrypted charge information to the electronic distribution service center 1 with a signature attached.

In step S770, when receiving the charge information encrypted by the temporary key K_(temp) transmitted from the home server 51, the electronic distribution service center 1 verifies a signature attached to the charge information, and if no tampering has occurred, decrypts the charge information encrypted by the temporary key K_(temp) using the temporary key K_(temp) shared with the home server 51, thereby storing the decrypted charge information in the history data management section 15.

Then, in step S771, upon saving the charge information in this way, the electronic distribution service center 1 generates receipt data indicating that the charge information is received, attaches a signature to the generated receipt data, and transmits the data to the home server 51 via the service provider 3. Thus, the control section 91 of the encryption processing section 65 in the home server 51 takes in the receipt data transmitted from the electronic distribution service center 1 sequentially via the communication section 61 and the upper controller 62, verifies a signature attached to the receipt data by the signature verification unit 115, and if the receipt data has not been tampered with, deletes the charge information held in the RAM, and the processing proceeds to step S772.

Since steps S772 through S774 sequentially execute processing similar to steps S172 through S174 described above for FIG. 67, their detailed description is omitted. Incidentally, steps S772 through S774 may be executed in any order. In addition, since registration information update processing executed in step S775 is similar to the registration information update processing described above for FIGS. 61 and 62, its detailed description is omitted. Moreover, since step S776 executes error processing in the similar manner as in step S176 described above for FIG. 67, its detailed description is omitted. Incidentally, in such online charge purchase processing, contents, a handling policy and price information encrypted by the content key K_(co) are held in the external memory 67 via the external memory control section 97 in any of the steps after signatures attached to these are verified.

Further, in step S770, when determining that illegal data exists due to tampering of charge information, or the like as a result of verifying a signature of the charge information, the electronic distribution service center 1 does not save the charge information in a history data management section. Then, in step S771, the electronic distribution service center 1 generates receipt rejection data indicating that the charge information is not received because it is illegal data, and transmits the data to the home server 51 via the service provider 3. At this point, when the receipt rejection data transmitted from the electronic distribution service center 1 is received by the communication section 61, the upper controller 62 of the home server 51 causes the control section 91 of the encryption processing section 65 to terminate purchase processing based on the receipt rejection data, and at the same time, notifies a user via the displaying means 64 that contents the user is trying to purchase cannot be purchased.

As described above, in the online charge purchase processing executed in the home server 51, contents can be purchased only when the electronic distribution service center 1 permits purchase processing during the purchase processing. Further, although the electronic distribution service center 1 transmits receipt data and receipt rejection data as they are in this embodiment, the data may be transmitted with a signature added after the data is encrypted by the temporary key K_(temp), and in the home server 51, after verifying the signature attached to the encrypted receipt data and receipt rejection data, the encrypted receipt data and receipt rejection data are decrypted by the temporary key K_(temp), and whether or not the charge information has been collected may be confirmed based on the decrypted receipt data and receipt rejection data.
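The exchange of steps S769 through S771, including the receipt rejection path, is sketched below as an added example that is not part of the original specification. A SHA-256 counter keystream stands in for encryption by the temporary key K_(temp) and HMAC-SHA256 stands in for the signature generation and verification units; the message fields, the class and function names, and the binding of the receipt to a digest of the received message are all assumptions of this example.

```python
import hashlib
import hmac
import json
import os

# Stand-ins (assumptions of this example, not the algorithms of the specification):
#  - keystream_xor: toy SHA-256 counter-mode cipher in place of encryption by K_temp
#  - sign: HMAC-SHA256 in place of the signature generation/verification units

SAMPLE_CHARGE = {"content_id": "CONTENT-0001",  # constructed sample values
                 "utilization_right": "reproduction", "price": 300}


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation) by XOR with a hash-derived keystream."""
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def sign(sig_key: bytes, message: bytes) -> bytes:
    return hmac.new(sig_key, message, hashlib.sha256).digest()


class ServiceCenter:
    """Electronic distribution service center 1 (steps S770 and S771)."""

    def __init__(self, k_temp, home_sig_key, center_sig_key):
        self.k_temp, self.home_sig_key = k_temp, home_sig_key
        self.center_sig_key = center_sig_key
        self.history = []  # stands for the history data management section 15

    def receive_charge(self, msg: dict) -> dict:
        signed_part = msg["nonce"] + msg["ciphertext"]
        digest = hashlib.sha256(signed_part).digest()
        # S770: verify the signature before decrypting or storing anything.
        if hmac.compare_digest(sign(self.home_sig_key, signed_part), msg["signature"]):
            plain = keystream_xor(self.k_temp, msg["nonce"], msg["ciphertext"])
            self.history.append(json.loads(plain))
            status = b"receipt"
        else:
            status = b"receipt-rejection"  # illegal data: nothing is saved
        # S771: signed reply. Binding it to the digest of the received message
        # is an addition of this example; the page does not list the receipt's fields.
        return {"status": status, "digest": digest,
                "signature": sign(self.center_sig_key, status + digest)}


class HomeServer:
    """Encryption processing section 65 of the home server 51 (S769 and S771)."""

    def __init__(self, k_temp, home_sig_key, center_sig_key):
        self.k_temp, self.home_sig_key = k_temp, home_sig_key
        self.center_sig_key = center_sig_key
        self.ram = {}  # charge information is held in RAM until a receipt arrives

    def build_charge_message(self, charge: dict) -> dict:
        self.ram["charge"] = charge
        nonce = os.urandom(16)
        plaintext = json.dumps(charge, sort_keys=True).encode()
        ciphertext = keystream_xor(self.k_temp, nonce, plaintext)
        # The signature covers the encrypted charge information.
        return {"nonce": nonce, "ciphertext": ciphertext,
                "signature": sign(self.home_sig_key, nonce + ciphertext)}

    def handle_reply(self, sent: dict, reply: dict) -> str:
        expected = sign(self.center_sig_key, reply["status"] + reply["digest"])
        sent_digest = hashlib.sha256(sent["nonce"] + sent["ciphertext"]).digest()
        if (hmac.compare_digest(expected, reply["signature"])
                and reply["status"] == b"receipt"
                and hmac.compare_digest(reply["digest"], sent_digest)):
            del self.ram["charge"]  # valid receipt: delete and go on to S772
            return "continue"
        return "terminate"          # rejection or invalid reply: stop the purchase


def flip_ciphertext_bit(msg: dict) -> dict:
    """Models tampering on the communication route via the service provider 3."""
    ct = bytearray(msg["ciphertext"])
    ct[0] ^= 1
    return {**msg, "ciphertext": bytes(ct)}


def run_purchase(tamper=None):
    # S768 (mutual authentication) is not modelled: K_temp is simply shared.
    k_temp, home_key, center_key = os.urandom(32), os.urandom(32), os.urandom(32)
    center = ServiceCenter(k_temp, home_key, center_key)
    home = HomeServer(k_temp, home_key, center_key)
    sent = home.build_charge_message(dict(SAMPLE_CHARGE))
    reply = center.receive_charge(tamper(sent) if tamper else sent)
    return home.handle_reply(sent, reply), center.history, home.ram
```

Without the signature check, the single flipped ciphertext bit would decrypt to altered charge information, which is the tampering the signature is there to catch.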

In the above-described configuration, in the electronic music distribution system 10, if online charge purchase processing is executed in the home server 51, the electronic distribution service center 1 receives charge information transmitted from the home server 51 during the purchase processing, determines whether or not the charge information is illegal data by verifying a signature attached to the charge information, and when it is determined that the charge information is legal data as a result (i.e., when the home server 51 receives receipt data), causes the home server 51 to execute purchase processing continuously and purchase contents.

On the other hand, in the electronic music distribution system 10, when the electronic distribution service center 1 determines that charge information is illegal data during purchase processing executed in the home server 51 (i.e., when the home server 51 receives receipt rejection data), the electronic distribution service center 1 causes the home server 51 to terminate the purchase processing and prohibits purchasing contents.

Therefore, in the electronic music distribution system 10, even if charge information transmitted from the home server 51 to the electronic distribution service center 1 is tampered with (charge information is tampered with outside the encryption processing section 65, or on a communication route between the home server 51 and the electronic distribution service center 1), for example, the contents to be purchased are changed to other contents, or a utilization right of contents is changed to other utilization rights, these illegal contents and illegal utilization right can be prevented from being purchased.

In addition, even if charge information transmitted from the home server 51 to the electronic distribution service center 1 is tampered with, or the price of contents or a distributed party of profit from purchase of contents is changed, purchasing the contents for an illegal price or a third party's gaining illegal profit can be prevented.

According to the above-described configuration, by connecting online the electronic distribution service center 1 and the user home network 5, transmitting charge information generated at this time to the electronic distribution service center 1 while the home server 51 executes purchase processing, determining whether or not the charge information is legal data by the electronic distribution service center 1, and when it is determined that the charge information is illegal data, causing the home server 51 to terminate the purchase processing to prevent the contents from being purchased, illegal purchase of the contents and their utilization right due to tampering with the charge information can be prevented, thus an electronic music distribution system that can prevent contents from being illegally utilized can be realized.

Incidentally, although the electronic distribution service center 1 determines whether or not to permit purchase of contents based on charge information transmitted from the home server 51, utilization permission data describing contents that a user tries to purchase or a utilization right is transmitted from the home server 51 like license conditions information, and the electronic distribution service center 1 may determine whether or not to permit purchase or utilization of the contents based on the utilization permission data.

(10) Configuration of an Information Provision Apparatus

In FIG. 98 in which parts corresponding to FIG. 1 are shown by identical symbols, the electronic music distribution system 10 with such a configuration is provided with an information provision apparatus 330. The information provision apparatus 330 is composed of a hosting server 331 holding an encrypted multiplicity of contents supplied from the content provider 2 and an information provision terminal (hereinafter referred to as a KIOSK terminal) 332 set in, for example, a simple retailing shop (i.e., KIOSK).

In the KIOSK terminal 332, a recording medium 333 that is a recording medium consisting of, for example, an MD (trademark) or an electronic distribution only recording medium 334 described above for FIG. 17 can be inserted detachably. The KIOSK terminal 332 holds price information prepared on an information provider side that manages the KIOSK terminal 332, reads out contents desired by a customer who is an information user from the hosting server 331 via a private cable or a satellite communication, and, by executing purchase processing as the home server 51 in the user home network 5 does, records the contents desired by the customer in a recording medium 333 the customer has or an electronic distribution only recording medium 334.

Incidentally, the KIOSK terminal 332 receives a public key certificate, a delivery key K_(d), registration information or the like transmitted from the electronic distribution service center 1, and in return transmits charge information, license conditions information, or the like according to a utilization right of contents to the electronic distribution only recording medium 334. Thus, the electronic distribution service center 1 performs processing of profit distribution on the content provider 2, an information supplier (the service provider 3 in FIG. 1) or the like based on the charge information given by the KIOSK terminal 332. In addition, the electronic distribution only recording medium 334 sometimes performs purchase processing in the electronic distribution only recording medium 334 when purchasing a utilization right from the KIOSK terminal 332, in which case, it is necessary to transmit the charge information to the electronic distribution service center 1 via an apparatus in the user home network 5.

Here, FIG. 99 shows a configuration of the hosting server 331. The hosting server 331 is composed of a communication section 340, a control section 341 and a server 342. The communication section 340 communicates with the content provider 2 and the KIOSK terminal 332, and transmits and receives predetermined information. When a content provider secure container is transmitted from the content provider 2 by controlling the communication section 340 and the server 342, the control section 341 holds encrypted contents included in the content provider secure container in the server 342, and at the same time, transmits key data, a handling policy or the like included in the content provider secure container to the KIOSK terminal 332 via the communication section 340.

In addition, when given a read out request command from the KIOSK terminal 332, the control section 341 reads out corresponding contents from the server 342, and transmits the read out contents to the KIOSK terminal 332 via the communication section 340. Incidentally, a communication route of a read out request command of contents and a route of contents may be different.

FIG. 100 shows a configuration of the KIOSK terminal 332, and the KIOSK terminal 332 is composed of a communication section 350 that is receiving means, an upper controller 351 that is storing means for controlling the KIOSK terminal 332, an encryption processing section 352 that is license conditions information preparing means, an electronic watermark insertion section 353 that is electronic watermark inserting means, a price processing section 354, inputting means 355, displaying means 356, and a KIOSK terminal server 357.

The communication section 350 communicates with the hosting server 331 and the electronic distribution service center 1, and transmits and receives predetermined information. Since the upper controller 351 has a function similar to that of the upper controller 62 of the home server 51, its description is omitted. The encryption processing section 352 is composed of a control section 360, a storage module 361, a registration information inspection module 362, a purchase processing module 363, a mutual authentication module 364 and an encryption/decryption module 365. Since the control section 360, the storage module 361, the registration information inspection module 362, the purchase processing module 363 and the mutual authentication module 364 have functions similar to those of the corresponding control section 91, storage module 92, registration information inspection module 93, purchase processing module 94 and mutual authentication module 95 in the home server 51 respectively, their descriptions are omitted.

The encryption/decryption module 365 is composed of a decryption unit 370, an encryption unit 371, a random number generation unit 372, a signature generation unit 373 and a signature verification unit 374. Since the decryption unit 370, the encryption unit 371, the random number generation unit 372, the signature generation unit 373 and the signature verification unit 374 have functions similar to those of the corresponding decryption unit 111, encryption unit 112, random number generation unit 113, signature generation unit 114 and signature verification unit 115 in the home server 51 respectively, their descriptions are omitted.

The electronic watermark insertion section 353 is composed of a mutual authentication module 380, a key decryption module 381, a decryption module 382, an electronic watermark addition module 383 and a storage module 384. In the electronic watermark insertion section 353, although the mutual authentication module 380, the key decryption module 381, the decryption module 382, the electronic watermark addition module 383 and the storage module 384 have functions similar to those of the corresponding mutual authentication module 101, key decryption module 102, decryption module 103, electronic watermark addition module 105 and storage module 106 in the extension section 62 of the home server 51 respectively, contents decrypted by a content key are not extended, but, for example, with an ID of a holder of the KIOSK terminal 332 inserted in the contents, are forwarded to the recording medium 333 and the electronic distribution only recording medium 334 as they are (as digital data). However, in the electronic watermark insertion section 353, in some cases, contents that are an output of the decryption module 382 are extended, if necessary, recompressed using another compression algorithm, and the output is forwarded to the electronic watermark addition module 383.

The price processing section 354 displays on the displaying means 356 information of price with respect to a utilization right of contents a customer has purchased upon purchase processing, and when price is inserted from a price insertion opening provided in the KIOSK terminal 332, determines whether or not the inserted price is insufficient, and if the price is insufficient, notifies the customer of information of insufficient amount via the displaying means 356, or if the price is too much, notifies the customer of information of an amount of change via the displaying means 356, and returns the change from a price return opening.

The inputting means 355 forwards to the upper controller 351 various kinds of information such as selection information of contents or the like inputted via an operation button. The displaying means 356 is composed of a predetermined display device such as a liquid crystal display, issues an instruction to a customer, and displays information. Incidentally, the inputting means 355 and the display means 356 can be configured by uniting them by a touch panel type liquid crystal display or the like.

The KIOSK terminal server 357 has a function similar to the mass storage section 68 of the home server 51, and holds key data (an encrypted content key K_(co), an encrypted individual key K_(i) (not shown)) transmitted from the hosting server 331, a handling policy, and price information prepared on the KIOSK side, or the like. Incidentally, the KIOSK terminal server 357 may hold encrypted contents.

Then, when a customer inserts the recording medium 333 or the electronic distribution only recording medium 334 in a media insertion opening provided in the KIOSK terminal 332, the KIOSK terminal 332 displays a purchase guide, information of purchasable contents, or the like via the display means 356, and as a result, if a customer selects and designates desired contents via the inputting means 355, reads out the selected and designated contents from the hosting server 331 to apply purchase processing, and records the contents in the recording medium 333 or the electronic distribution only recording medium 334.

Incidentally, FIG. 101 illustrates information transmitted among the content provider 2, the hosting server 331 and the KIOSK terminal 332. The content provider 2 attaches a public key certificate of the content provider to a content provider secure container, and sends the content provider secure container to the hosting server 331.

The hosting server 331 verifies a public key certificate of the content provider 2, obtains a public key of the content provider 2, and verifies a signature of the received content provider secure container using the obtained public key. After succeeding in verifying the signature, the hosting server 331 takes out encrypted contents from the content provider secure container, holds the taken out encrypted contents in the server 342, and at the same time, transmits the remaining key data (an encrypted content key K_(co) or an encrypted individual key K_(i) (not shown)), a handling policy and the like to the KIOSK terminal 332.

The KIOSK terminal 332 holds the received key data (an encrypted content key K_(co) or an encrypted individual key K_(i) (not shown)), a handling policy and the like, and at the same time, holds price information prepared on an information provider side that manages the KIOSK terminal 332.

Here, purchase processing that is actually executed in the KIOSK terminal 332 will be described with reference to flow charts shown in FIGS. 102 through 105. In step S780, when a customer inserts a medium (the recording medium 333 or the electronic distribution only recording medium 334) in the KIOSK terminal 332, in step S781, the upper controller 351 of the KIOSK terminal 332 determines whether or not the inserted medium is the recording medium 333 (in this embodiment, for example, an MD (trademark)), and if the inserted medium is the recording medium 333, the processing proceeds to step S782.

In step S782, the upper controller 351 causes the displaying means 356 to display information such as purchasable contents (i.e., a tune), price and the like, and if, in this state, the customer selects and designates desired contents and inserts money in the price insertion opening, the processing proceeds to step S783. In step S783, the upper controller 351 checks whether or not the money inserted by the customer is insufficient compared with the charged price, and if it is not insufficient (money inserted by the customer may be more than the price), the processing proceeds to step S785. Incidentally, in step S783, if the money inserted by the customer is insufficient compared with the charged price, the processing proceeds to step S784, where the upper controller 351 instructs the customer via the displaying means 356 to insert an insufficient portion of money in the price insertion opening.

In step S785, the upper controller 351 reads out from the KIOSK terminal server 357 a handling policy, price information and key data corresponding to the contents selected and designated by the customer, and forwards them to the encryption processing section 352 to instruct the control section 360 to execute the purchase processing.

Then, in step S786, the control section 360 of the encryption processing section 352 executes purchase processing of, for example, a copying right with copy management information (SCMS) in which a number of times of copying is limited to one (i.e., copying from the KIOSK terminal 332 to the recording medium 333) with respect to the contents selected and designated by the customer based on the handling policy and the price information given by the upper controller 351. As a result, the charge information is held in the storage module 361.

Incidentally, after recording contents in the recording medium 333, in order to prevent the contents from being illegally copied from the recording medium 333 to another recording medium 333, the KIOSK terminal 332 executes purchase processing of the copying right with copy management information. However, although a copying right without copy control information with a number of times limitation or the recording medium 333 in this embodiment is an MD (trademark) as long as it can prevent illegal copying, purchase processing of a copying right and the like with limitation according to various kinds of medium such as a memory stick (trademark) may be executed.

Then, in step S787, in the decryption unit 370 of the encryption/decryption module 365, the control section 360 of the encryption processing section 352 takes out an encrypted individual key K_(i) and an encrypted content key K_(co) included in key data given by the upper controller 351, decrypts the encrypted individual key K_(i) using the delivery key K_(d) stored in the storage module 361, and decrypts the encrypted content key K_(co) using the obtained individual key K_(i).

Subsequently, in step S788, the control section 360 of the encryption processing section 352 mutually authenticates with the electronic watermark insertion section 353 using each other's mutual authentication modules 364 and 380, and shares the temporary key K_(temp), and the processing proceeds to step S789. In step S789, the control section 360 of the encryption processing section 352 encrypts the decrypted content key K_(co) using the temporary key K_(temp) in the encryption unit 371 of the encryption/decryption module 365. Then, in step S790, the control section 360 of the encryption processing section 352 forwards the content key K_(co) encrypted by the temporary key K_(temp) to the electronic watermark insertion section 353.

In step S791, in the key decryption module 381, the electronic watermark insertion section 353 decrypts the encrypted content key K_(co) given by the encryption processing section 352 using the temporary key K_(temp) (shared with the encryption processing section 352) given by the mutual authentication module 380.

Then, in step S792, the upper controller 351 transmits a read out request of contents selected and designated by a customer (e.g., including an ID of contents) to the hosting server 331 via the communication section 350, reads out encrypted contents selected and designated by the customer from the hosting server 331, and forwards the contents to the electronic watermark insertion section 353. Incidentally, when having read out the encrypted contents from the hosting server 331 in this way, since the encrypted contents can be saved in the KIOSK terminal server 357, if the customer selects and designates contents, the upper controller 351 may first retrieve contents held by the KIOSK terminal server 357, and if there are no corresponding contents in the KIOSK terminal server 357, read out the contents from the hosting server 331. In addition, read out of contents may be executed in steps before step S792.

In step S793, after decrypting the encrypted contents given by the upper controller 351 using the decrypted content key K_(co) in the decryption module 382, the electronic watermark insertion section 353 inserts, for example, an ID of a holder of the KIOSK terminal 332 in the form of an electronic watermark in the decrypted contents in the electronic watermark addition module 383.

Incidentally, an ID of a holder of the KIOSK terminal 332 is used as data of the watermark attached to the contents in order to specify the KIOSK terminal 332 that provided the contents when the contents recorded in the recording medium 333 (or the electronic distribution only recording medium 334) are illegally copied.

Then, in step S794, the electronic watermark insertion section 353 forwards the contents in which the electronic watermark is inserted to the recording medium 333 as they are (in the form of digital data), thereby recording the contents designated by the customer in the recording medium 333.

Subsequently, in step S795, the upper controller 351 uses the price processing section 354 to determine whether or not money inserted in the price insertion opening by the customer is more than a charged price, and if the money is more than the charged price, returns the balance as change from the price returning opening.

In this way, in step S796, the customer receives the change if there is change, and at the same time, receives the recording medium 333.

Incidentally, when the customer purchases a utilization right of contents in this way, the upper controller 351 of the KIOSK terminal 332 transmits the charge information prepared at the point to the electronic distribution service center 1. Thus, the electronic distribution service center 1 makes a settlement based on the charge information, thereby collecting a part of the price paid by the customer from the holder of the KIOSK terminal 332 according to the utilization right to which the purchase processing was applied.

On the other hand, when the customer inserted the electronic distribution only recording medium 334 in the KIOSK terminal 332 in step S800, in order to identify that the medium is the electronic distribution only recording medium 334 by identification processing of media in the subsequent step S801 (i.e., if the medium inserted in the KIOSK terminal 332 by the customer is identified as the electronic distribution only recording medium 334 by the identification processing of contents described above for step S781), the upper controller 351 proceeds to step S802. Incidentally, if the medium is identified as the recording medium 333 in this step S801, processing of step S782 and the subsequent steps are executed.

In step S802, the upper controller 351 sets a purchasable utilization right to contents (e.g., an unlimited reproduction right, a reproduction right with a period limited, a reproduction right with an accumulated time limited, a reproduction right with a number of times limited, an unlimited copying right, a copying right with a number of times limited, or the like) together with the purchasable contents (i.e., a name of a tune) and a price via the displaying means 356, and causes the displaying means 356 to display the information of the set contents of utilization right, and when the customer selects and designates desired contents via the inputting means 355 and, at the same time, selects and designates contents of a desired utilization right, the processing proceeds to step S803.

In step S803, the upper controller 351 inquires whether or not the purchase price of the utilization right will be settled later via the displaying means 356. Then, when the customer selects to pay the price on the spot via the inputting means 355, the upper controller 351 in turn solicits the customer to insert money in the price insertion opening via the displaying means 356, and the processing proceeds to step S804. Incidentally, since step S804 executes processing similar to the processing described above for step S783, its description is omitted. In addition, since step S805 to which the processing can proceed from step S804 executes processing similar to the processing described above for step S784, its description is omitted.

Then, in step S806, the upper controller 351 inquires of the customer whether or not the purchase processing may be executed by the KIOSK terminal 332 via the display means 356. If the customer selects that the KIOSK terminal 332 may execute the purchase processing via the inputting means 355, the processing proceeds to step S807.

Since processing similar to the processing described above for step S785 is executed in step S807, its description is omitted. Then, in step S808, the control section 360 of the encryption processing section 352 in the KIOSK terminal 332 executes the purchase processing of the utilization right selected and designated by the customer in the purchase processing module 363 based on the handling policy and the price information given by the upper controller 351, prepares license conditions information and charge information, and holds the charge information in the storage module 361, and then the processing proceeds to step S809. Since processing similar to the processing described above for step S787 is executed in step S809, its description is omitted.

Incidentally, as an ID of an encryption processing section to be stored in data of license conditions information (i.e., an ID of the encryption processing section that prepared the license conditions information), an ID of the encryption processing section 122 in the electronic distribution only recording medium 334 is stored. (However, an ID of the encryption processing section 352 in the KIOSK terminal 332 may be stored. At this point, in some cases, an ID of the encryption processing section 122 in the electronic distribution only recording medium 334 to which the contents was transferred is saved in the KIOSK terminal server 357, and thereafter transmitted to the electronic distribution service center 1 and managed).

Then, in step S810, the control section 360 of the encryption processing section 352 in the KIOSK terminal 332 mutually authenticates with the encryption processing section 122 of the electronic distribution only recording medium 334 using each other's mutual authentication modules 364 and 128, and shares the temporary key K_(temp), and the processing proceeds to step S811.

In step S811, the control section 360 of the encryption processing section 352 in the KIOSK terminal 332 encrypts the decrypted content key K_(co) and the license conditions information respectively in the encryption unit 371 of the encryption/decryption module 365 using the temporary key K_(temp). Incidentally, since, among the content key K_(co) and the license conditions information, even if contents of the license conditions information are seen, there is no specific problem, only the content key K_(co) may be encrypted. Then, the control section 360 of the encryption processing section 352 in the KIOSK terminal 332 generates signatures for all of (or a part of) the content key K_(co) encrypted (by the temporary key K_(temp)) and the license conditions information (in some cases, it is encrypted) in the signature generation unit 373, and returns them to the upper controller 351.

Then, in step S812, the upper controller 351 in the KIOSK terminal 332 reads out the encrypted contents selected and designated by the customer from the hosting server 331 or the KIOSK terminal server 357 as in step S792. (Incidentally, as a timing, reading out of the contents may be executed before step S812). Then, the read out contents, the content key K_(co) encrypted (by the temporary key K_(temp)), and the license conditions information, the signatures for the content key K_(co) encrypted (by the temporary key K_(temp)) and the license conditions information, as well as the handling information and the price information read out from the KIOSK terminal server 357 are transmitted to the electronic distribution only recording medium 334 via the upper controller 351.

In step S813, the control section 124 of the encryption processing section 122 in the electronic distribution only recording medium 334 verifies the signatures for the content key K_(co) encrypted (by the temporary key K_(temp)), the handling information, the price information and the license conditions information given by the KIOSK terminal 332 in the signature verification unit 135, and thereafter decrypts the encrypted content key K_(co) and the encrypted license conditions information, if necessary, respectively, using the temporary key K_(temp) in the decryption unit 132. Then, the control section 124 decrypts the encrypted content key K_(co) using the save key K_(save) held in the storage module 125 in the encryption unit 132.

Then, in step S814, the control section 124 of the encryption processing section 122 in the electronic distribution only recording medium 334 saves the contents encrypted by the content key K_(co), the content key K_(co) encrypted by the save key K_(save), the handling policy, the price information and the license conditions information in the external memory 123 via the external memory control section 130. Incidentally, the content key K_(co) encrypted by the save key K_(save) and the license conditions information are saved in a tamper checked region in the external memory 123 by the external memory control section 130.
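The key hand-off of steps S809 through S814 can be followed in code. The sketch below is an added illustration, not code from the patent: the cipher (a SHA-256 counter-mode keystream) and the signature (an HMAC under a shared `sig_key`) are standard-library stand-ins for the encryption and public-key signature units, the function names are hypothetical, and K_(temp) is assumed to have been shared already by mutual authentication. Following the save path described for steps S827 and S814, the medium re-encrypts the recovered K_(co) under K_(save) before storing it.

```python
import hashlib
import hmac
import os


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode: a stand-in for the units' real cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def wrap(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt under `key`; output is nonce || ciphertext."""
    nonce = os.urandom(16)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))


def unwrap(key: bytes, blob: bytes) -> bytes:
    """Inverse of wrap()."""
    nonce, body = blob[:16], blob[16:]
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


def sign(sig_key: bytes, *fields: bytes) -> bytes:
    """HMAC over length-prefixed fields: stand-in for the signature units."""
    mac = hmac.new(sig_key, digestmod=hashlib.sha256)
    for field in fields:
        mac.update(len(field).to_bytes(4, "big") + field)
    return mac.digest()


def kiosk_prepare(k_d, enc_k_i, enc_k_co, license_info, k_temp, sig_key):
    """KIOSK side (S809, S811): K_d -> K_i -> K_co, then re-encrypt and sign."""
    k_i = unwrap(k_d, enc_k_i)        # individual key, decrypted by delivery key
    k_co = unwrap(k_i, enc_k_co)      # content key, decrypted by individual key
    k_co_temp = wrap(k_temp, k_co)    # only K_co must be hidden in transit
    return k_co_temp, license_info, sign(sig_key, k_co_temp, license_info)


def medium_store(k_co_temp, license_info, signature, k_temp, k_save, sig_key):
    """Medium side (S813, S814): verify first, then decrypt and re-encrypt."""
    expected = sign(sig_key, k_co_temp, license_info)
    if not hmac.compare_digest(expected, signature):
        raise ValueError("signature verification failed; nothing is stored")
    k_co = unwrap(k_temp, k_co_temp)
    # Record destined for the tamper checked region of the external memory.
    return {"k_co_save": wrap(k_save, k_co), "license": license_info}


def run_demo() -> dict:
    """Run the exchange on constructed keys and constructed sample data."""
    k_d, k_i, k_co = os.urandom(16), os.urandom(16), os.urandom(16)
    k_temp, k_save, sig_key = os.urandom(16), os.urandom(16), os.urandom(32)
    content = b"constructed sample audio frame"
    enc_content = wrap(k_co, content)
    enc_k_i, enc_k_co = wrap(k_d, k_i), wrap(k_i, k_co)
    license_info = b"right=reproduce;limit=none"  # constructed value

    k_co_temp, lic, sig = kiosk_prepare(
        k_d, enc_k_i, enc_k_co, license_info, k_temp, sig_key)
    record = medium_store(k_co_temp, lic, sig, k_temp, k_save, sig_key)
    recovered = unwrap(unwrap(k_save, record["k_co_save"]), enc_content)

    try:  # license conditions altered in transit must be rejected
        medium_store(k_co_temp, b"right=copy;limit=none", sig,
                     k_temp, k_save, sig_key)
        tamper_rejected = False
    except ValueError:
        tamper_rejected = True

    return {
        "content_ok": recovered == content,
        "tamper_rejected": tamper_rejected,
        "key_never_stored_in_clear": k_co not in record["k_co_save"],
    }


if __name__ == "__main__":
    print(run_demo())
```

Because the signature covers the license conditions as well as the encrypted key, sending the license conditions unencrypted (as the text permits) exposes them to reading but not to undetected modification.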

Then, although processing for the upper controller 351 in the KIOSK terminal 332 proceeds to steps S815 and S816 in order, since steps S815 and S816 execute processing similar to the processing described above for steps S795 and S796 respectively, their descriptions are omitted.

Incidentally, since the upper controller 351 of the KIOSK terminal 332 transmits the encrypted contents, the encrypted content key K_(co), the handling policy, the price information and the license conditions information to the electronic distribution only recording medium 334, but holds the charge information in the storage module 361 inside, the charge information is transmitted to the electronic distribution service center 1. Thus, the electronic distribution service center 1 makes a settlement based on the charge information, thereby collecting a part of the price paid by the customer from the holder of the KIOSK terminal 332 according to the utilization right to which the purchase processing was applied.

Here, in the settlement of the price described above for step S803, when the customer selects to make a settlement of the purchase price of the utilization right on a later date via the inputting means 355, processing for the upper controller 351 in the KIOSK terminal 332 proceeds to step S820. Incidentally, since processing from this step S820 to the subsequent step S823 is similar to the processing from step S807 to the subsequent step S810, their descriptions are omitted. However, the charge information generated in step S821 is not saved in the storage module 361 of the encryption processing section 352.

Then, in step S824, the control section 360 of the encryption processing section 352 in the KIOSK terminal 332 encrypts the decrypted content key K_(co), the license conditions information and the charge information respectively in the encryption unit 371 of the encryption/decryption module 365 using the temporary key K_(temp). Incidentally, since, even if contents of the license conditions and the charge information other than the content key K_(co) are seen, there is no specific problem, only the content key K_(co) may be encrypted. Then, the control section 360 of the encryption processing section 352 in the KIOSK terminal 332 generates signatures for all of (or each of) the content key K_(co) encrypted (by the temporary key K_(temp)), the encrypted license conditions information and the encrypted charge information in the signature generation unit 373, and transmits the content key K_(co) encrypted by the temporary key K_(temp), the encrypted license conditions information, the encrypted charge information and their signatures to the upper controller 351.

Then, in step S825, the upper controller 351 in the KIOSK terminal 332 reads out the encrypted contents selected and designated by the customer from the hosting server 331 or the KIOSK terminal server 357 as in step S792. (Incidentally, as a timing, reading out of contents may be executed in steps before this step S812).

Then, the encrypted content key, the content key K_(co) encrypted (by the temporary key K_(temp)), the handling information, the price information, the encrypted license conditions information and the encrypted charge information, as well as the signatures generated for all of (or each of) the entirety of the content key K_(co) encrypted (by the temporary key K_(temp)), the encrypted license conditions information and the encrypted charge information are transmitted to the electronic distribution only recording medium 334 via the upper controller 351. In addition, the handling policy and the price information may be transmitted from the KIOSK terminal 332 to the electronic distribution only recording medium 334, if necessary.

In step S826, the external memory control section 130 in the electronic distribution only recording medium 334 saves the encrypted contents in the external memory 123. Incidentally, the external memory control section 130 saves the handling information and the price information in the external memory 123, if necessary.

Then, in step S827, the control section 124 of the encryption processing section 122 in the electronic distribution only recording medium 334 performs verification of the signatures for the content key K_(co) encrypted (by the temporary key K_(temp)), the encrypted license conditions information and the encrypted charge information given by the KIOSK terminal 332 in the signature verification unit 135, and decrypts the encrypted content key K_(co), the encrypted license conditions information and the encrypted charge information respectively using the temporary key K_(temp) in the decryption unit 132. (If the license conditions information and the charge information are not encrypted, it is unnecessary to decrypt them). Then, the control section 124 encrypts the decrypted content key K_(co) using the save key K_(save) saved in the storage module 125 in the encryption unit 132.

Then, in step S828, the control section 124 of the encryption processing section 122 in the electronic distribution only recording medium 334 saves the charge information in the storage module 125. Subsequently, in step S829, the control section 124 of the encryption processing section 122 in the electronic distribution only recording medium 334 saves the encrypted content key K_(co) and the license conditions information in the external memory 123 via the external memory control section 130. Incidentally, the content key K_(co) and the license conditions information are saved in a region to which tamper checking was applied in the external memory 123.

Further, if contents are recorded in the electronic distribution only recording medium 334 with conditions of settlement on a later day as described above, and charge information is also saved in the electronic distribution only recording medium 334, the electronic distribution service center 1 thereafter cannot collect the charge information from the electronic distribution only recording medium 334 until the electronic distribution only recording medium 334 is inserted in an apparatus connected to the electronic distribution service center 1. Thus, the electronic distribution only recording medium 334 may be inserted in an apparatus not connected to the electronic distribution service center 1, and contents are likely to be illegally utilized with no payment of prices.

Therefore, in such an electronic distribution only recording medium 334, after recording contents, the control section 124 of the encryption processing section 122 in the electronic distribution only recording medium 334 retrieves charge information of the storage module 125 at a predetermined timing, and if uncollected charge information is saved, applies limitation of a number of times, time or the like to a corresponding utilization right of the contents until the charge information is collected, thereby allowing utilization of the contents within the limitation. In this way, illegal utilization of the contents is prevented.

In addition, in such purchase processing, since the charge information and the license conditions information that were generated in the purchase processing, and the handling policy that was used for the generation, or the like do not remain in the KIOSK terminal 332, the electronic distribution service center 1 collects prices from a customer holding the electronic distribution only recording medium 334 at this point, and distributes a part of the prices to a holder of the KIOSK terminal 332.

In addition, in the processing described above for step S806, if the customer selects that the purchase processing is executed by the electronic distribution only recording medium 334 via the inputting means 355, the processing proceeds to step S840, where the upper controller 351 in the KIOSK terminal 332 reads out contents selected and designated by the customer from the hosting server 331 and the KIOSK terminal server 357 as in step S792, and at the same time, reads out corresponding key data, a handling policy and price information from the KIOSK terminal server 357 and transmits these to the electronic distribution only recording medium 334.

Incidentally, after mutually authenticating with the electronic distribution only recording medium 334, the KIOSK terminal 332 may share the temporary key K_(temp), encrypt the contents (encrypted by the content key K_(co)), the key data, the handling policy and the price information by the temporary key K_(temp), if necessary, and attach signatures to the entirety or a part of the data.

In step S841, the control section 124 of the encryption processing section 122 in the electronic distribution only recording medium 334 saves the contents (encrypted by the content key K_(co)) in the external memory 123 via the external memory control section 130, and at the same time, saves the handling policy and the price information in the external memory 123 via the external memory control section 130, if necessary.

Then, in step S842, the control section 124 of the encryption processing section 122 in the electronic distribution only recording medium 334 executes purchase processing in the purchase processing module 127, and prepares license conditions information and charge information based on the handling policy and the price information. Incidentally, since the procedures of the purchase processing are the same as steps S163 to S170 described above for FIG. 67, their detailed description is omitted.

Subsequently, in step S843, after decrypting the encrypted individual key K_(i) included in the key data using the delivery key K_(d) held in the storage module 125 in the decryption unit 131, the control section 124 of the encryption processing section 122 in the electronic distribution only recording medium 334 decrypts the encrypted content key K_(co) included in the key data using the decrypted individual key K_(i). Then, the control section 124 encrypts the encrypted content key K_(co) using the save key K_(save) held in the storage module 125 in the encryption unit 132.

Then, in step S844, the control section 124 of the encryption processing section 122 in the electronic distribution only recording medium 334 mutually authenticates with the encryption processing section 352 in the KIOSK terminal 332 using each other's mutual authentication modules 128 and 364, and shares the temporary key K_(temp).

Then, in step S845, the control section 124 of the encryption processing section 122 in the electronic distribution only recording medium 334 encrypts charge information using the temporary key K_(temp) in the encryption unit 132, and after attaching a signature to the charge information in the signature generation unit 134, transmits the encrypted charge information and the signature to the KIOSK terminal 332 via the communication section 121. Incidentally, although a signature is attached to the charge information so that it is not tampered with, the charge information may be transmitted to the electronic distribution only recording medium 334 without encrypting. If the charge information is not encrypted, the temporary key K_(temp) may not be shared between the electronic distribution only recording medium 334 and the KIOSK terminal 332.

In step S846, the upper controller 351 in the KIOSK terminal 332 forwards the charge information and the signature transmitted from the electronic distribution only recording medium 334 to the encryption processing section 352. Thus, in step S847, the signature verification unit 374 of the encryption processing section 352 in the KIOSK terminal 332 verifies the signature for the charge information, and after succeeding in verifying the signature, decrypts the charge information using the temporary key K_(temp) and saves it in the storage module 361.

Then, in step S848, the control section 360 of the encryption processing section 352 in the KIOSK terminal 332 generates a charge processing completion notice indicating that the charge processing is completed, attaches a signature to the charge processing completion notice in the signature generation unit 373, forwards the charge processing completion notice with the signature attached to the upper controller 351, and at the same time, transmits it to the electronic distribution only recording medium 334 via the upper controller 351. Thus, the upper controller 351 simply determines whether or not the charge processing has been completed, based on the charge processing completion notice, without specifically verifying the signature. In addition, the control section 124 of the encryption processing section 122 in the electronic distribution only recording medium 334 verifies the signature of the charge processing completion notice in the signature verification unit 135, thereby recognizing the completion of the charge processing.

Then, in step S849, the control section 124 of the encryption processing section 122 in the electronic distribution only recording medium 334 saves the content key K_(co) encrypted by the save key K_(save) and the license conditions information in a region to which tamper check was applied in the external memory 123 via the external memory control section 130.

Subsequently, although the KIOSK terminal 332 sequentially executes processing of steps S850 and S851, since the processing is similar to the processing executed in steps S815 and S816, its description is omitted.

In this way, when purchase processing is performed in the electronic distribution only recording medium 334, charge information is held in the KIOSK terminal 332, and the charge information is transmitted to the electronic distribution service center 1 from the KIOSK terminal 332.

Incidentally, in step S803, if the customer selects that purchase price of the utilization right will be settled on a later date, in step S860 shown in FIG. 106, the upper controller 351 of the electronic distribution only recording medium 334 may transmit the encrypted contents, the key data, the handling policy and the price information to the electronic distribution only recording medium 334 in the state of the content provider secure container transmitted from the content provider 2. Then, if state data of the content provider secure container is transmitted to the electronic distribution only recording medium 334 from the KIOSK terminal 332 in this way, since a signature is already attached to the content provider secure container in the content provider 2, the KIOSK terminal 332 transmits the data to the electronic distribution only recording medium 334 without specifically attaching a signature.

In addition, in step S803, if the customer selects that purchase price of the utilization right will be settled on a later date, the KIOSK terminal 332 may execute purchase processing to be described with reference to a flow chart shown in FIG. 107. That is, in step S870, the upper controller 351 in the KIOSK terminal 332 instructs the control section 360 of the encryption processing section 352 to execute the purchase processing. Incidentally, since the processing of this step S870 is similar to the processing of step S785, its detailed description is omitted.

Then, in step S871, in the decryption unit 370 after decrypting the encrypted individual key K_(i) using the delivery key K_(d) held in the storage module 361, the control section 360 of the encryption processing section 352 in the KIOSK terminal 332 decrypts the encrypted content key K_(co) using the decrypted individual key K_(i), and the processing proceeds to step S872. Incidentally, since the processing of step S872 is similar to the processing described above for step S810, its description is omitted.

Subsequently, in step S873, the control section 360 of the encryption processing section 352 in the KIOSK terminal 332 encrypts the decrypted content key K_(co) using the temporary key K_(temp) in the encryption unit 371, and generates a signature for the content key K_(co) encrypted (by the temporary key K_(temp)) in the signature verification unit 373, if necessary, and the processing proceeds to step S874, and in this step S874, in the signature generation unit 373 the control section 360 transmits the encrypted contents, the content key K_(co) encrypted (by the temporary key K_(temp)) and its signature, the handling policy and the price information to the electronic distribution only recording medium 334 via the upper controller 351.

In step S875, after verifying the signature of the content key K_(co) encrypted (by the temporary key K_(temp)) in the signature verification unit 135, the control section 124 of the encryption processing section 122 in the electronic distribution only recording medium 334 decrypts the encrypted content key K_(co) using the temporary key K_(temp) in the decryption unit 131. Then, the control section 124 encrypts the decrypted content key K_(co) using the save key K_(save) held in the storage module 125 in the encryption unit 132.

Then, in step S876, the control section 124 of the encryption processing section 122 in the electronic distribution only recording medium 334 executes purchase processing in the purchase processing module 127, and after preparing license conditions information and charge information based on a handling policy and price information, the processing proceeds to step S877, where the control section 124 saves the charge information in the storage module 125.

Subsequently, in step S878, the control section 124 of the encryption processing section 122 in the electronic distribution only recording medium 334 saves the encrypted contents, the handling policy and the price information in the external memory 123 via the external memory control section 130, and then in step S879, saves the encrypted content key K_(co) and the license conditions information in a region to which tamper check was applied of the external memory 123 via the external memory control section 130. Incidentally, in step S878, since the control section 124 puts various kinds of information included in the handling policy and the price information in the license conditions information, the handling policy and the price information may be saved in the external memory 123, if necessary.

In this way, the KIOSK terminal 332 can execute purchase processing for a utilization right of contents with respect to the recording medium 333 and the electronic distribution only recording medium 334, and record the contents in the recording medium 333 and the electronic distribution only recording medium 344.

Incidentally, since decrypted contents are recorded in the recording medium 333, a customer holding the recording medium 333 can easily utilize the contents using a reproduction apparatus that does not have an extension section and an encryption section, and does not need to connect to the service provider 3 and the electronic distribution service center 1 according to the recording medium 333.

In addition, although a customer holding the electronic distribution only recording medium 334 cannot utilize contents unless the customer uses a reproduction apparatus provided with an extension section (or, alternatively, an encryption processing section) as in the home server 51 described above for FIG. 15, since the reproduction apparatus does not need to be connected to the electronic distribution service center 1 or the service provider 3 either directly or indirectly, contents can be utilized with an apparatus such as a reproduction apparatus used for establishing the user home network 5.

In the above-mentioned configuration, in the electronic music distribution system 10, if the recording medium 333 is inserted in the KIOSK terminal 332, purchase processing is executed in the KIOSK terminal 332, thereby inserting data of an electronic watermark in decrypted contents to record in the recording medium 333.

In addition, if the electronic distribution only recording medium 334 is inserted in the KIOSK terminal 332, purchase processing is executed either in the KIOSK terminal 332 or the electronic distribution only recording medium 334, thereby recording encrypted contents and a content key K_(co) as well as license conditions information in the electronic distribution only recording medium 334.

Therefore, in such an electronic music distribution system 10, even if a customer does not own an apparatus or the like for establishing the user home network 5 connected to the service provider 3 or the electronic distribution service center 1, the customer can secure safety to record contents in the recording medium 333 and the electronic distribution only recording medium 334 that the customer owns using the KIOSK terminal 332 installed in the simple retail store, respectively.

That is, since contents are recorded in the recording medium 333 in a state in which a copy control signal such as SCMS is attached or by managing copies by an electronic watermark (a copying right with copy management information), illegal copying of the contents can be prevented. Incidentally, as an electronic watermark signal, a copy control signal (a signal for controlling copy possible/impossible), a reproduction control signal (a signal for controlling reproduction possible/impossible), an ID of any apparatus (an ID of a KIOSK terminal or an ID of an electronic distribution only recording medium 334), or the like can be envisaged, and one or a plurality of them may be embedded.

In addition, since a utilization right (unlimited, a number of times limitation, a time limitation, etc.) selected in the purchase processing and a limitation which is applied on a utilization right until charge information is collected in case of the purchase processing to be settled on a later date is managed by license conditions information in the electronic distribution only recording medium 334, illegal utilization of contents can be prevented in this case as well.

According to the above-mentioned configuration, since contents are recorded in the recording medium 333 and the electronic distribution only recording medium 334 by the KIOSK terminal 332, the contents can be easily provided to a user who does not own an apparatus for establishing a user home network 5 while securing safety of the contents in the recording medium 333 and the electronic distribution recording medium 334.

In addition, since an information provider holding the KIOSK terminal 332 (the service provider 3 in FIG. 1) provides price information, and therefore content provision fees are distributed to the information provider in any of the systems in FIGS. 103, 105 and 106, these systems are not substantially different from those in FIGS. 101, 102 and 104 in which money is directly collected.

(11) Provision of Contents to be an Album in a Kiosk Terminal 332

In addition to such a configuration, in the case of the information provision apparatus 330, keyword information such as an artist, gender of the artist, a type of a tune (enka, rock'n roll, etc.), a season imagined from a tune, a location (sea, mountain, etc.), a time of a day (evening, morning, etc.), and the like that is generated by the information provider owning the KIOSK terminal 332 with respect to contents to be saved in the hosting server 331 is saved in the KIOSK terminal server 357 of the KIOSK terminal 332. Incidentally, as another example, in some cases, the content provider 2 generates this keyword information and saves it in a server 342 that is a content server in the hosting server 331 or the KIOSK terminal server 357.

In addition, various kinds of provision information (e.g., a commercial, content information, etc.) generated by the information provider that is different for each content or keyword (not necessarily different) is saved in the KIOSK terminal server 357 of the KIOSK terminal 332. Incidentally, the content provider 2 may generate the provision information and save it in the server 342 of the hosting server 331 and the KIOSK terminal server 357 of the KIOSK terminal 332, or provision information generated by the content provider 2 or received from the information provider may be collected as one content by linking it to contents. (That is, provision information is embedded in the top, middle, last or the like of music (contents) so that the music and the provision information cannot easily be separated as one tune).

The upper controller 351 that is selecting means and storing means of the KIOSK terminal 332 prepares a data table in which a plurality of contents saved in the server 342 of the hosting server 331 are categorized based on the keyword information, and saves the prepared data table in the KIOSK terminal server 357. Incidentally, IDs of contents corresponding to each category are registered in the data table. In addition, the data table may be generated by the control section 341 of the hosting server 331, and saved in the server 342 or the KIOSK terminal server 357. Moreover, if the data table is saved in the server 342, the control section 341 of the hosting server 331 transmits keyword information for the contents to the KIOSK terminal 332 via the communication section 340, thereby saving the keyword information in the KIOSK terminal server 357 by the upper controller 351 in the KIOSK terminal 332.

Then, in the KIOSK terminal 332, if a customer inserts an electronic distribution only recording medium 334, the upper controller 351 reads out a keyword corresponding to contents to which purchase processing can be applied from the KIOSK terminal server 357, and notifies the customer of the keyword via the displaying means 356. Incidentally, the upper controller 351 may at this time notify the customer of the keyword for the contents to which purchase processing can be applied read out from the KIOSK terminal server 357 together with information on a tune name or a price for the contents via the displaying means 356.

When the customer selects and designates, for example, a keyword (the number of keywords may be plural) corresponding to desired contents and a number of contents to which the customer wishes to apply purchase processing, the inputted data is transmitted to the upper controller 351 as a signal, and the upper controller 351 having received the signal generates a random number by a random number generation program (not shown) held by itself based on the number of contents designated by the customer, or causes the random number generation unit 372 that is random number generating means to generate a random number by controlling the control section 360 of the encryption processing section 352. Incidentally, in some cases, the upper controller 351 transmits the keyword and the random number to the hosting server 331 via the communication section 350. In addition, since the random number is used for selecting contents at random, purchase processing may be applied to all the contents belonging to a category of a keyword, or purchase processing may be applied to contents belonging to a category of a keyword in the order of appearing on the data table, without necessarily generating a random number.

The upper controller 351 retrieves a data table in the KIOSK terminal server 357 based on the random number data previously generated and the keyword inputted via the inputting means 355. Then, the upper controller 351 arbitrarily selects an ID of contents in the number designated by the customer based on the random number data out of a plurality of IDs belonging to a category corresponding to the keyword, and reads out contents corresponding to the selected ID of the contents from the hosting server 331.

In addition, as another example, the control section 341 of the hosting server 331 arbitrarily selects an ID of contents in the number designated by the customer based on the random number data out of a plurality of IDs of contents belonging to a category corresponding to the keyword by retrieving the data table in the server 342 based on the random number data and the keyword transmitted from the KIOSK terminal 332, reads out contents corresponding to the selected ID of the contents from the server 342, and at the same time, transmits each read-out content to the KIOSK terminal 332 via the communication section 340.

In this way, the KIOSK terminal 332 executes the above-mentioned purchase processing for FIGS. 103 to 105 and FIG. 106 with respect to the plurality of contents transmitted from the hosting server 331, and records each of the contents altogether in the external memory 123 that is a recording medium via the external memory control section 130 that is a recording medium in the electronic distribution only recording medium 334. Thus, the KIOSK terminal 332 can easily make an album by recording a plurality of tunes altogether that belong to a category a customer prefers in the electronic distribution only recording medium 334.

In addition, in the purchase processing in the KIOSK terminal 332, the KIOSK terminal 332 records the above-mentioned provision information and contents (or, as described above, the provision information and the contents may behave like one content) in the external memory 123 altogether via the external memory control section 130 of the electronic distribution only recording medium 334. Upon reproducing the contents, in order to have a customer listen to the provision information, a reproduction order of the contents can be provided for; for example, a limitation clause may be added to the license conditions information. Then, in the purchase processing of the contents, the customer can select whether to add or not to add provision information, and if the provision information is added, the purchase price can be lowered or made free in return for it. Thus, the customer can obtain a utilization right of contents more inexpensively than usual, and even in such a case, the content provider 2 and the service provider 3 (in this embodiment, an owner of the KIOSK terminal 332) can obtain a profit from provision information fees (so called commercial fees) via the electronic distribution service center 1.

In addition, in the KIOSK terminal 332, in the case in which a plurality of contents are recorded as an album in the electronic distribution only recording medium 334, the control section 360 of the encryption processing section 352 selects, for example, a reproduction right with a number of times limitation that can reproduce contents only once as a utilization right for these contents. Moreover, when preparing license conditions information, the control section 360 of the encryption processing section in the KIOSK terminal 332 or the control section 124 of the encryption processing section 122 in the electronic distribution only recording medium 334 stores an ID that shows that the contents were recorded in the KIOSK terminal 332 as an ID of the service provider 3 that is stored in the license conditions information. For example, if an ID of the service provider 3 is 64 bits, the upper 16 bits are designated as a group number and the lower 48 bits are designated as a serial number, and as an ID allocated to the KIOSK terminal 332 that a single information provider owns, an ID is used whose group number is identical for all the apparatuses and whose serial number in the lower 48 bits is different for each apparatus. Then, in order to identify whether or not the contents recorded in the electronic distribution only recording medium 334 are those recorded in the KIOSK terminal 332, the contents are identified by a group number of an ID of a service provider included in license conditions information. (That is, a group number is allocated for each information provider).

Then, in the KIOSK terminal 332, if the customer inserts the electronic distribution only recording medium 334 again and requests to record a plurality of contents as an album, the control section 360 of the encryption processing section 352 takes out license conditions information from the electronic distribution only recording medium 334, and retrieves the contents that were recorded in the KIOSK terminal 332 and were already reproduced based on the license conditions information.

In this way, in the KIOSK terminal 332, new contents can be recorded in the electronic distribution only recording medium 334 by deleting (overwriting) contents that were recorded by the KIOSK terminal 332 of the information provider and already reproduced, without deleting contents that were recorded by the KIOSK terminal 332 of the identical information provider but have not been reproduced at all, or contents that were recorded by a KIOSK terminal of another information provider different from the information provider of the KIOSK terminal 332.
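The 64-bit ID layout and the overwrite rule described above can be sketched as follows. This is an added example, not code from the patent; the record fields (content_id, plays_remaining), the function names and the sample IDs are assumptions constructed for illustration.

```python
from dataclasses import dataclass

GROUP_BITS = 16    # upper 16 bits: group number, one per information provider
SERIAL_BITS = 48   # lower 48 bits: serial number, different for each apparatus
SERIAL_MASK = (1 << SERIAL_BITS) - 1


def make_provider_id(group, serial):
    """Pack a group number and a serial number into one 64-bit ID."""
    if not 0 <= group < (1 << GROUP_BITS):
        raise ValueError("group number must fit in 16 bits")
    if not 0 <= serial <= SERIAL_MASK:
        raise ValueError("serial number must fit in 48 bits")
    return (group << SERIAL_BITS) | serial


def group_number(provider_id):
    """Upper 16 bits of the ID; rejects values wider than 64 bits."""
    if not 0 <= provider_id < (1 << 64):
        raise ValueError("ID must fit in 64 bits")
    return provider_id >> SERIAL_BITS


def serial_number(provider_id):
    """Lower 48 bits of the ID."""
    return provider_id & SERIAL_MASK


@dataclass
class LicenseConditions:
    """Assumed minimal view of one license conditions record on the medium."""
    content_id: str
    service_provider_id: int   # 64-bit ID stored when the contents were recorded
    plays_remaining: int       # number-of-times right; 0 means already reproduced


def overwritable(records, kiosk_id):
    """Content IDs this kiosk may overwrite: same group number, already reproduced.

    Contents from the same group that were never reproduced, and contents
    recorded by an apparatus of another group, are left in place.
    """
    own_group = group_number(kiosk_id)
    return [
        r.content_id
        for r in records
        if group_number(r.service_provider_id) == own_group
        and r.plays_remaining == 0
    ]


def sample_records():
    """Constructed license conditions records for two information providers."""
    return [
        LicenseConditions("tune-1", make_provider_id(0x00A1, 3), 0),  # same group, played
        LicenseConditions("tune-2", make_provider_id(0x00A1, 7), 1),  # same group, unplayed
        LicenseConditions("tune-3", make_provider_id(0x00B2, 1), 0),  # other group, played
    ]
```

Because the comparison uses only the group number, a kiosk with a different serial number but the same information provider reaches the same decision.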

In the above-mentioned configuration, the electronic music distribution system 10 prepares a data table for categorizing a plurality of contents saved in the server 342 of the hosting server 331 by the upper controller 351 of the KIOSK terminal 332, and saves the data table in the KIOSK terminal server 357.

Then, when the customer who has inserted the electronic distribution only recording medium 334 in the KIOSK terminal 332 designates a keyword indicating the customer's own preference, a number of contents to be purchased altogether, and whether or not to insert provision information (commercial, etc.), if necessary, the KIOSK terminal 332 generates random number data based on the designated number of contents, specifies IDs of many contents belonging to a category of the designated keyword from the data table, and at the same time, arbitrarily selects IDs of the designated number of contents based on the random number data from the IDs of the specified contents, reads out contents corresponding to the selected IDs of the contents from the hosting server 331, and records the arbitrarily selected plurality of contents and the provision information (commercial, etc.), if necessary, altogether in the electronic distribution only recording medium 334.

Therefore, it is possible to record a plurality of contents (tunes) belonging to a category according to a preference of a customer altogether in the electronic distribution recording medium 334 to easily make an album. In addition, since a random number is used for selection of contents, even if contents are recorded again in the electronic distribution only recording medium 334, a customer can listen to different contents with relatively high probability, and it is also possible to make it unclear which tunes are recorded; therefore, fun of listening to music can be provided to a customer.

Moreover, since a number of reproduction times of contents and an apparatus used for recording the contents are managed in the electronic distribution recording medium 334, if the contents are recorded again in the electronic distribution only recording medium 334 in the KIOSK terminal 332, inadvertent deletion of contents that were recorded in the KIOSK terminal 332 but have not been reproduced at all or contents recorded by an apparatus different from the KIOSK terminal 332 can be prevented.

According to the above-mentioned configuration, in the information provision apparatus 330, since a number of contents saved in the hosting server 331 are categorized and managed based on a predetermined keyword by the KIOSK terminal 332, when a customer utilizing the KIOSK terminal 332 designates a keyword indicating the customer's own preference and a desired number of contents, contents in the number designated by the customer are arbitrarily selected, and the selected contents are read out from the hosting server 331 and recorded in the electronic distribution only recording medium 334, the plurality of contents belonging to a category according to the customer's preference can be recorded altogether, thus a plurality of contents according to the customer's preference can be easily recorded.

In addition, a customer can obtain a utilization right of contents inexpensively by saving provision information with contents altogether.

Further, although the information provision apparatus 330 that is an information recording apparatus is configured by connecting the hosting server 331 and the KIOSK terminal 332 by a special purpose cable, a communication satellite or the like in the electronic music distribution system 10, it may be configured by providing the hosting server 331 integrally in the KIOSK terminal 332, or providing the hosting server 331 inside the content provider 2.

In addition, as a medium used as a recording medium 333, various kinds of media other than an MD (trademark) can be applied if a copying limitation can be added as in a medium corresponding to SCMS.

Moreover, although the KIOSK terminal 332 is installed in a simple retail store, it can be installed in various places such as in a large scale store, a public facility, or the like.

Moreover, as a utilization right of purchasable contents, not only a number of times right that can only be reproduced once but also a utilization right whose effective period is limited is envisaged, and when applying purchase processing in the KIOSK terminal 332, contents whose effective period has expired can be deleted.

Furthermore, although a customer is allowed to select whether or not to attach provision information to contents, a customer may be forced to attach provision information to all contents depending on the contents.

(12) Purchase Prohibition Processing of Contents

Here, a purchase prohibition list preparation section (not shown in FIG. 2) is provided in the electronic distribution service center 1 (FIG. 2) that is a list transmission apparatus, and the purchase prohibition list preparation section prepares a purchase prohibition list of contents indicated in FIG. 108. An ID of contents being objects of purchase prohibition, an ID of a content provider being an object of utilization suspension, and an ID of a service provider being an object of utilization suspension are stored in the purchase prohibition list of contents, and an electronic signature of the electronic distribution service center 1 is attached to the entire list.

In the purchase prohibition list of contents, the ID of contents being an object of purchase prohibition indicates contents that have become objects of purchase prohibition because a defect (an error) has occurred in data, provision of contents has been suspended due to some reason by a provider of contents (a content provider 2 and a service provider 3), or the like. In addition, the ID of a content provider and the ID of the service provider being objects of utilization suspension indicate a content provider 2 and a service provider 3 that have become unable to be utilized for purchase of contents because they have been deprived of a sales right of contents due to illegal distribution of contents being objects of purchase prohibition, or because they are unable to distribute contents due to bankruptcy or the like.

The electronic distribution service center 1 transmits a purchase prohibition list to an apparatus (in this embodiment, the home server 51 that is an online apparatus) in the user home network 5 connected online to the electronic distribution service center 1 via a predetermined transmitting means (not shown).

The home server 51 receives the purchase prohibition list of contents transmitted from the electronic distribution service center 1 by the communication section 61, and the upper controller 62 forwards the purchase prohibition list to the encryption processing section 65. After verifying an electronic signature attached to the purchase prohibition list in the signature verification unit 115, the encryption processing section 65 saves the purchase prohibition list in, for example, the mass storage section 68 that is a list holding means via the upper controller 62 if the purchase prohibition list has not been tampered with. Incidentally, the home server 51 may save the purchase prohibition list transmitted from the electronic distribution service center 1 in the mass storage section 68 without verifying the signature attached to it, and verify the signature when using the purchase prohibition list in purchase processing, or the like.

Then, when a content provider secure container and a service provider secure container are transmitted from the content provider 2 via the service provider 3, the upper controller 62 forwards, for example, a handling policy included in the content provider secure container or price information included in the service provider secure container to the encryption processing section 65, and at the same time, reads out a purchase prohibition list of contents from the mass storage section 68 and forwards it to the encryption processing section 65.

The control section 91 that is take-in suspension processing means of the encryption processing section 65 retrieves information in the purchase prohibition list of contents using an ID of the content provider indicating a provider of contents included in the handling policy or the price information, an ID of the service provider, or an ID of contents to be provided. Then, if the ID of the content provider included in the handling policy or the price information, the ID of the service provider, or the ID of contents exists in the purchase prohibition list of contents, the control section 91 does not purchase the contents, and executes purchase processing only if the ID of the content provider included in the handling policy or the price information, the ID of the service provider, or the ID of contents does not exist in the purchase prohibition list.

In this way, even if contents being objects of purchase prohibition are inadvertently transmitted, the home server 51 can prevent purchase of the contents, and at the same time, prevent purchase of contents transmitted from the content provider 2 or the service provider 3 that is an object of utilization suspension. Incidentally, when receiving a purchase prohibition list of contents, the home server 51 can prohibit purchase of contents based on a regular purchase prohibition list prepared in the electronic distribution service center 1 by verifying an electronic signature of the purchase prohibition list.

In addition, in the electronic distribution service center 1, each time new contents become objects of purchase prohibition other than the contents registered in the purchase prohibition list of contents, or a new content provider 2 or service provider 3 becomes an object of utilization suspension other than the content provider 2 or the service provider 3 registered in the purchase prohibition list, the purchase prohibition list of contents is updated and the updated purchase prohibition list is transmitted to the home server 51.

Thus, each time a purchase prohibition list is transmitted from the electronic distribution service center 1, the home server 51 updates a purchase prohibition list in the mass storage section 68. Incidentally, if the purchase prohibition list is updated, the electronic distribution service center 1 attaches a date of the update (update date), a number (serial number), or the like to the purchase prohibition list, so that a receiving side of a purchase prohibition list can identify whether the purchase prohibition list is the newly updated one.

Here, a fixed apparatus, a portable apparatus, an electronic distribution only recording medium, and the like (these are collectively hereinafter referred to as offline apparatuses) that are not connected online to the electronic distribution service center 1 are provided in the user home network 5, and the home server 51 transmits a purchase prohibition list of contents to an offline apparatus when the offline apparatus is connected, and causes the offline apparatus to save the purchase prohibition list. Incidentally, since an offline apparatus is not always connected to the home server 51, even if a purchase prohibition list of contents is updated in the electronic distribution service center 1, a purchase prohibition list held inside the offline apparatus may not be updated accordingly.

Thus, if an offline apparatus is connected, the home server 51 compares the purchase prohibition lists held by them, and if the purchase prohibition list held by the home server 51 is newer than the purchase prohibition list held by the offline apparatus, transmits its purchase prohibition list to the offline apparatus, and causes the offline apparatus to update it.

In addition, if offline apparatuses are connected to each other, as in the case in which the home server 51 and an offline apparatus are connected, the home server 51 compares the purchase prohibition lists held by them, and as a result, an offline apparatus holding the latest purchase prohibition list among the purchase prohibition lists held by them transmits the purchase prohibition list to the other offline apparatus and causes the other offline apparatus to update the purchase prohibition list, and in this way, each offline apparatus updates a purchase prohibition list even if it is not connected to the home server 51.

Incidentally, if purchased contents become objects of purchase prohibition after their purchase, or a provider of purchased contents (a content provider 2 and a service provider 3) becomes an object of utilization suspension after purchase of the contents, each apparatus (a home server 51 and an offline apparatus) in the user home network 5 does not prohibit utilization of the contents that became objects of purchase prohibition after their purchase or of contents purchased from the provider (the content provider 2 and the service provider 3) before it became an object of utilization suspension, but prohibits redistribution and repurchase of the contents.

Therefore, when redistributing and repurchasing already purchased contents, each apparatus (the home server 51 and the offline apparatus) in the user home network 5 detects whether or not an ID of contents that are objects of the redistribution and the repurchase is registered in the purchase prohibition list, and if the ID of contents that are objects of the redistribution and the repurchase is registered in the purchase prohibition list, does not perform the redistribution and the repurchase of the contents.

In addition, at the time of such redistribution and repurchase, each apparatus (the home server 51 and the offline apparatus) in the user home network 5 detects whether or not an ID of a content provider and an ID of a service provider included in a handling policy and price information corresponding to contents that are objects of the redistribution and the repurchase are registered in the purchase prohibition list, and if the ID of a content provider and the ID of a service provider (indicating a provider of the contents) corresponding to contents that are objects of the redistribution and the repurchase are registered in the purchase prohibition list, does not perform redistribution and repurchase of the contents.

In addition, although, at the time of redistribution and repurchase, each apparatus (the home server 51 and the offline apparatus) detects whether or not contents that are objects of the redistribution and the repurchase are objects of purchase prohibition and whether or not the provider of the contents (the content provider 2 and the service provider 3) has become an object of utilization suspension based on the purchase prohibition of contents, if the purchase prohibition list then held is not the latest one, the apparatus possibly transmits the contents to the other apparatus without knowing it, even if the contents that are objects of the redistribution and the repurchase are prohibited from repurchase in the latest purchase prohibition list.

Thus, if contents are redistributed and repurchased, each apparatus (the home server 51 and the offline apparatus) registers an ID of the redistributed and repurchased contents, an ID of a content provider and an ID of a service provider indicating providers of the contents, and an ID of an encryption processing section provided in an apparatus of a redistributor/repurchaser of the contents in a redistribution/repurchase list of contents shown in FIG. 109, and saves the redistribution/repurchase list in, for example, a mass storage section. Incidentally, each time redistribution and repurchase of contents are performed, each apparatus updates and saves a redistribution/repurchase list.

Then, when receiving a purchase prohibition list of contents from another apparatus (i.e., when the home server receives a purchase prohibition list from the electronic distribution service center 1, and when the offline apparatus receives a purchase prohibition list from the home server 51 or another offline apparatus), each apparatus (the home server 51 and the offline apparatus) retrieves information in the redistribution/repurchase list based on the ID of the contents that are objects of purchase prohibition, the ID of the content provider and the ID of the service provider that are objects of utilization suspension, which are registered in the purchase prohibition list.

As a result, if the ID of the contents that are objects of purchase prohibition, the ID of the content provider and the ID of the service provider that are objects of utilization suspension are registered in the redistribution/repurchase list (in other words, if the contents that have become objects of purchase prohibition and the contents purchased from the provider (the content provider 2 and the service provider 3) that has become an object of utilization suspension have been redistributed and repurchased), each apparatus (the home server 51 and the offline apparatus) determines that an apparatus (a home server 51 or an offline apparatus) of the other party that redistributed and repurchased the contents that have become objects of purchase prohibition or the contents purchased from the provider (the content provider 2 and the service provider 3) that has become an object of utilization suspension is likely to have an old purchase prohibition list before update, and transmits a purchase prohibition list to the other party's apparatus (i.e., when the other party's apparatus is connected) based on the ID of the corresponding encryption processing section in the redistribution/repurchase list and causes the other party's apparatus to update its purchase prohibition list.

Here, redistribution processing and repurchase processing of contents performed among apparatuses of the user home network 5 will be described in the case of the home server 51 with reference to a flow chart shown in FIG. 110. That is, in step S890, the upper controller 62 in the home server 51 reads out a purchase prohibition list of contents from the mass storage section 68, causes the signature verification unit 115 of the encryption processing section 65 to verify a signature of this purchase prohibition list, and as a result, if the purchase prohibition list is correct data, the processing proceeds to step S891.

In step S891, the upper controller 62 retrieves information in the purchase prohibition list based on an ID of contents that are objects of the redistribution processing and the repurchase processing, verifies whether or not the ID of contents that are objects of the redistribution processing and the repurchase processing is registered in the purchase prohibition list (i.e., whether or not contents that are objects of redistribution and repurchase are objects of purchase prohibition), and if the ID of the contents is not registered in the purchase prohibition list (i.e., the contents that are objects of the redistribution and the repurchase are not objects of purchase prohibition), the processing proceeds to step S892.

In step S892, the upper controller 62 retrieves information in the purchase prohibition list based on an ID of a content provider indicating a provider of contents that are objects of redistribution and repurchase (an ID of a content provider stored in a handling policy), verifies whether or not the ID of the content provider is registered in the purchase prohibition list (i.e., whether or not a content provider 2 that is a provider of the contents that are objects of the redistribution and the repurchase is an object of utilization suspension), and if the ID of the content provider is not registered in the purchase prohibition list (i.e., the content provider 2 that is a provider of the contents that are objects of the redistribution and the repurchase is not an object of utilization suspension), the processing proceeds to step S893.

In step S893, the upper controller 62 retrieves information in the purchase prohibition list based on an ID of a service provider indicating a provider of contents that are objects of the redistribution and the repurchase (an ID of a service provider stored in price information), verifies whether or not the ID of the service provider is registered in the purchase prohibition list (i.e., whether or not a service provider 3 that is a provider of contents that are objects of the redistribution and the repurchase is an object of utilization suspension), and if the ID of the service provider is not registered in the purchase prohibition list (i.e., the service provider 3 that is a provider of the contents that are objects of the redistribution and the repurchase is not an object of utilization suspension), the processing proceeds to step S894.

In step S894, the upper controller 62 reads out a redistribution/repurchase list of contents from the mass storage section 68 and forwards it to the control section 91 of the encryption processing section 65, and the control section 91 verifies a signature attached to the redistribution/repurchase list using the signature verification unit 115, and if the redistribution/repurchase list is correct data, the processing proceeds to step S895.

In step S895, when a public key certificate of an offline apparatus that is a counterpart of redistribution processing and repurchase processing is sent from the offline apparatus, the upper controller 62 receives this by the communication section 61, and forwards the received public key certificate to the control section 91 of the encryption processing section 65. Then, the control section 91 performs mutual authentication with the counterpart offline apparatus by this public key certificate using the mutual authentication module 95, and as a result, when the counterpart offline apparatus is authenticated, the processing proceeds to step S896, where the control section 91 additionally registers an ID of an encryption processing section in the offline apparatus included in the public key certificate (the public key certificate used for the mutual authentication in step S895) in the previously verified redistribution/repurchase list of contents, and at the same time, additionally registers a corresponding ID of contents that are objects of the redistribution and the repurchase, ID of a content provider and ID of a service provider, and the processing proceeds to step S897.

In step S897, the control section 91 regenerates a signature of the redistribution/repurchase list obtained in step S896 using the signature generation unit 14, forwards the redistribution/repurchase list whose signature was regenerated to the mass storage section 68 via the upper controller 62, and saves the redistribution/repurchase list in the mass storage section 68 in the following step S898.

Then, in step S899, the upper controller 62 redistributes and repurchases the contents that are objects of the redistribution and the repurchase.

Incidentally, when the upper controller 62 determines in step S890 that the data is not correct because the purchase prohibition list has been tampered with or the like, the processing proceeds to step S900, where the upper controller 62 detects whether or not an apparatus in which the upper controller 62 is provided is the home server 51, and in this case, since the apparatus in which the upper controller 62 is provided is the home server 51, the processing proceeds to step S901, where the upper controller 62 obtains a purchase prohibition list again from the electronic distribution service center 1.

In addition, if the apparatus executing the redistribution and the repurchase of contents is an offline apparatus in step S900, the processing proceeds to step S902, where the apparatus executing the redistribution and the repurchase of the contents obtains a purchase prohibition list again from an apparatus that is a counterpart of the redistribution processing and the repurchase processing of the contents (the home server 51 or another apparatus).

Then, when having obtained the purchase prohibition list in this way, the home server 51 and the offline apparatus verify a signature of the purchase prohibition list, and if the purchase prohibition list is correct data, the processing proceeds to step S891.

As described above, if an ID of contents that are objects of redistribution and repurchase, an ID of a content provider indicating a provider of the contents and an ID of a service provider do not exist in a purchase prohibition list, the home server 51 determines that the contents of the redistribution and the repurchase are not objects of purchase prohibition and are not those provided from a content provider 2 and a service provider 3 that are objects of utilization suspension, and redistributes and repurchases the contents that are objects of the redistribution and the repurchase with a counterpart offline apparatus. In addition, at this moment, the home server 51 updates a redistribution/repurchase list of contents and saves it in the mass storage section 68.

On the other hand, if an ID of contents that are objects of redistribution and repurchase is registered in a purchase prohibition list in step S891, if an ID of a content provider indicating a provider of the contents is registered in the purchase prohibition list in step S892, or if an ID of a service provider indicating a provider of the contents is registered in the purchase prohibition list in step S893, the upper controller 62 in the home server 51 determines that the contents that are objects of the redistribution and the repurchase are objects of purchase prohibition or that the contents are those provided from a content provider 2 or a service provider 3 that is an object of utilization suspension, executes error processing in step S904, and thereby suspends the redistribution and the repurchase of the contents that are objects of redistribution and repurchase.

Incidentally, if it is determined that a redistribution/repurchase list of contents is incorrect data because it has been tampered with or the like as a result of verification of the redistribution/repurchase list in step S894, and if it is determined that a purchase prohibition list is incorrect data because it has been tampered with or the like as a result of verification of a signature of the purchase prohibition list of contents in step S902, the upper controller 62 executes error processing and suspends redistribution and repurchase of the contents that are objects of the redistribution and the repurchase.

Thus, even if purchased contents become objects of purchase prohibition or a provider of the contents (a content provider 2 and a service provider 3) becomes an object of utilization suspension, the home server 51 can prohibit redistribution and repurchase of the contents. Incidentally, other offline apparatuses excluding the home server 51 in the user home network 5 can execute redistribution/repurchase processing as the home server 51 does, thereby prohibiting redistribution and repurchase of purchased contents that have become objects of purchase prohibition or contents that were purchased from a provider (a content provider 2 and a service provider 3) of contents that has become an object of utilization suspension.

Further, in the home server 51, when a purchase prohibition list of contents transmitted by the electronic distribution service center 1 via a predetermined transmission means is transmitted by the communication section 61, the upper controller 62 forwards the purchase prohibition list of the contents to the encryption processing section 65, and causes the signature verification unit 115 of the encryption processing section 65 to verify the signature. Subsequently, the upper controller 62 reads out a redistribution/repurchase list of contents from the mass storage section 68, transmits it to the encryption processing section 65, and causes the signature verification unit 115 of the encryption processing section 65 to verify the signature.

Then, if an ID of contents that are objects of purchase prohibition registered in a purchase prohibition list of contents is registered in a redistribution/repurchase list, the upper controller 62 transmits the purchase prohibition list to a counterpart offline apparatus or the like that has redistributed and repurchased the contents that are objects of purchase prohibition, thereby causing the counterpart offline apparatus to update the purchase prohibition list. Similarly, if an ID of a content provider or an ID of a service provider that is an object of utilization suspension registered in the purchase prohibition list is registered in the redistribution/repurchase list of contents, the upper controller 62 transmits the purchase prohibition list to a counterpart offline apparatus or the like that has redistributed or repurchased contents purchased from a content provider 2 or a service provider 3 that has become an object of utilization suspension, thereby causing the counterpart offline apparatus to update the purchase prohibition list.

Thus, between the home server 51 connected online to the electronic distribution service center 1 and an offline apparatus, by executing retrieval processing in a redistribution/repurchase list based on a purchase prohibition list each time the purchase prohibition list is obtained, even if contents already redistributed and repurchased become objects of purchase prohibition or a provider of the contents (a content provider 2 and a service provider 3) becomes an object of utilization suspension, it is possible to prevent the contents from being redistributed and repurchased again.

Incidentally, between offline apparatuses, by executing processing similar to the retrieval processing in a redistribution/repurchase list performed between the home server 51 and an offline apparatus, even if contents already redistributed and repurchased become objects of purchase prohibition or a provider of the contents (a content provider 2 and a service provider 3) becomes an object of utilization suspension, it is possible to prevent the contents from being redistributed and repurchased again.
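The flow of steps S890 to S899 and the list-update retrieval described above can be sketched as follows; this is an added example, not code from the patent. HMAC-SHA256 under a shared demo key stands in for the electronic signature, mutual authentication (S895) is assumed to have already succeeded, and the class, field names and sample IDs are hypothetical.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 under a shared demo key stands in for the electronic
# signature in the text, so the example needs only the standard library.
DEMO_KEY = b"constructed-demo-key"


def _mac(body):
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(DEMO_KEY, data, hashlib.sha256).hexdigest()


def make_signed(body):
    return {"body": body, "sig": _mac(body)}


def verified(signed):
    return hmac.compare_digest(_mac(signed["body"]), signed["sig"])


class Apparatus:
    """Home server or offline apparatus holding both lists (hypothetical model)."""

    def __init__(self, prohibition):
        self.prohibition = prohibition              # signed purchase prohibition list
        self.redist = make_signed({"entries": []})  # signed redistribution/repurchase list

    def redistribute(self, content_id, cp_id, sp_id, counterpart_id):
        # S890: never decide on a prohibition list that fails verification.
        if not verified(self.prohibition):
            return "error: prohibition list signature"
        p = self.prohibition["body"]
        # S891-S893: content ID, content provider ID, service provider ID.
        if content_id in p["content_ids"]:
            return "denied: content"
        if cp_id in p["content_provider_ids"]:
            return "denied: content provider"
        if sp_id in p["service_provider_ids"]:
            return "denied: service provider"
        # S894: verify the redistribution/repurchase list before extending it.
        if not verified(self.redist):
            return "error: redistribution list signature"
        # S896-S898: record the transfer, regenerate the signature, save.
        # counterpart_id is assumed to come from the certificate checked in S895.
        entry = {"content": content_id, "cp": cp_id, "sp": sp_id,
                 "device": counterpart_id}
        self.redist = make_signed(
            {"entries": self.redist["body"]["entries"] + [entry]})
        return "ok"  # S899: the transfer itself would happen here

    def receive_prohibition_list(self, new_list):
        """Adopt a valid, newer list; return counterparts likely holding an old one."""
        if not verified(new_list):
            return None  # rejected: signature does not verify
        if (verified(self.prohibition) and
                new_list["body"]["serial"] <= self.prohibition["body"]["serial"]):
            return []    # not newer than the list already held
        self.prohibition = new_list
        if not verified(self.redist):
            raise ValueError("redistribution/repurchase list failed verification")
        p = new_list["body"]
        stale = {e["device"] for e in self.redist["body"]["entries"]
                 if e["content"] in p["content_ids"]
                 or e["cp"] in p["content_provider_ids"]
                 or e["sp"] in p["service_provider_ids"]}
        return sorted(stale)


if __name__ == "__main__":
    # Constructed sample data: serial 1 bans content C-9; serial 2 also suspends CP-2.
    v1 = make_signed({"serial": 1, "content_ids": ["C-9"],
                      "content_provider_ids": [], "service_provider_ids": []})
    v2 = make_signed({"serial": 2, "content_ids": ["C-9"],
                      "content_provider_ids": ["CP-2"], "service_provider_ids": []})
    home = Apparatus(v1)
    print(home.redistribute("C-2", "CP-2", "SP-1", "dev-B"))
    print(home.receive_prohibition_list(v2))
    print(home.redistribute("C-2", "CP-2", "SP-1", "dev-C"))
```

The device IDs returned by `receive_prohibition_list` are the counterparts whose recorded transfers match the new list, that is, the apparatuses to which the updated list should be pushed when they next connect.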

In the above-mentioned configuration, the electronic music distribution system 10 prepares a purchase prohibition list of contents by the electronic distribution service center 1, and transmits the prepared purchase prohibition list to the home server 51 in the user home network 5 connected online to the electronic distribution service center 1. In addition, in the user home network 5, the home server 51 transmits the purchase prohibition list of contents to an offline apparatus not connected online to the electronic distribution service center 1, and at the same time, purchase prohibition lists held by offline apparatuses are compared with each other among the offline apparatuses at the time of communication, and if one is the purchase prohibition list updated later than the other, the apparatuses mutually hold this new purchase prohibition list.

Then, in the user home network 5, if contents are distributed from a content provider 2 via a service provider 3, or if contents are transmitted from another apparatus in the user home network 5, each apparatus (a home server 51 and an offline apparatus) determines whether or not the contents are objects of purchase prohibition and the content provider 2 and the service provider 3 that are providers of the contents are objects of utilization prohibition using a purchase prohibition list, and when the contents are objects of purchase prohibition or the content provider 2 and the service provider 3 are objects of utilization prohibition, suspends purchase of the contents.

Therefore, in such an electronic music distribution system 10, each apparatus (the home server 51 and an offline apparatus) in the user home network 5 can prevent contents that are objects of purchase prohibition or contents provided from a content provider 2 and/or a service provider 3 that are objects of utilization prohibition from being purchased.

In addition, in the electronic music distribution system 10, if contents redistributed and repurchased among apparatuses in the user home network 5 have become objects of purchase prohibition, or if a content provider 2 and a service provider 3 that are providers of the contents have become objects of utilization suspension, since the apparatuses transmit a purchase prohibition list to a counterpart apparatus that has executed the redistribution processing and the repurchase processing of the contents based on an ID of an encryption processing section in a redistribution/repurchase list of contents, diffusion of illegal contents from the counterpart apparatus to other apparatuses can be prevented.

According to the above-mentioned configuration, since a purchase prohibition list of contents is prepared in the electronic distribution service center 1, the purchase prohibition list is held by each apparatus (the home server 51 and an offline apparatus) in the user home network 5, and each apparatus in the user home network 5 suspends purchase of contents that are objects of purchase prohibition and contents transmitted from a content provider 2 and a service provider 3 that are objects of utilization prohibition based on the purchase prohibition list, in each apparatus in the user home network 5, purchase of the contents that are objects of purchase prohibition and the contents provided from the content provider 2 or the service provider 3 can be prevented, and thus it is possible to realize an electronic music distribution system that is capable of substantially certainly preventing contents that are objects of provision prohibition from being utilized.

Incidentally, although an ID of contents that are objects of purchase prohibition, and IDs of a content provider 2 and a service provider 3 that are objects of utilization prohibition are respectively registered in a purchase prohibition list, it is sufficient that at least an ID of contents that are objects of purchase prohibition is registered.

In addition, although a purchase prohibition list of contents is held in a mass storage section in each apparatus in the user home network 5, the purchase prohibition list may be held in various kinds of storage media such as an external memory.

Moreover, although an encryption processing section determines whether or not contents to be purchased are objects of purchase prohibition based on a purchase prohibition list in each apparatus in the user home network 5, this determination processing may be executed by an upper controller.

Furthermore, in such an electronic music distribution system 10, when illegal contents flow into the system, if an ID of the contents can be found, purchase of the illegal content in an apparatus in the user home network 5 can be prevented.

Furthermore, if it is found that contents that are objects of purchase prohibition are held in an apparatus in the user home network 5 by verifying a purchase prohibition list, information indicating that redistribution and the repurchase of the contents are prohibited may be embedded in a predetermined region in license conditions information corresponding to the contents. Similarly, with respect to contents purchased from a content provider 2 and a service provider 3 that are objects of utilization prohibition, information indicating that redistribution and the repurchase of the contents are prohibited may be embedded in a predetermined region in license conditions information corresponding to the contents. Thus, when redistributing and repurchasing contents, the contents that are objects of redistribution and repurchase can be easily identified by looking at corresponding license conditions information without retrieving through a purchase prohibition list of contents.

(13) Other Configuration of an Electronic Music Distribution System

FIG. 111 illustrates an electronic music distribution system 400 of another configuration. In such an electronic music distribution system 400, personal computers (hereinafter referred to as personal computers for signal processing) 403 and 406 for signal processing between a content provider 404 consisting of two personal computers 402 and 403 for a content server and for signal processing and a service provider 407 consisting of two personal computers 405 and 406 for a content server and for signal processing as well are connected to an electronic distribution service center 401 of a personal computer configuration.

In addition, the personal computer 403 for signal processing of the content provider 404 is connected to the personal computer 406 for signal processing of the service provider 407, and a home server 409 of a personal computer configuration provided in a user home network 408 is also connected via a network 4.

In the user home network 408, a fixed apparatus 410 such as a fixed type record reproduction apparatus and a portable apparatus 411 such as a portable type record reproduction apparatus and a portable type communication terminal (a portable type information apparatus, a cellular phone, or the like) are connected to the home server 409.

As shown in FIG. 112, in the electronic distribution service center 401, a RAM (Random Access Memory) 417, a ROM (Read Only Memory) 418, a display 419, an input section 420, a hard disk drive (HDD) 421 and a network interface 422 are connected to a control section 415 such as a CPU (Central Processing Unit) via a bus 416.

In this case, the control section 415 can execute processing similar to that of the service provider management section 11, the content provider management section 12, the copyright management section 13, the key server 14, the history data management section 15, the profit distribution section 16, the mutual authentication section 17, the user management section 18, the charge billing section 19, the disbursement and receipt section 20 and the audit section 21 in the electronic distribution service center 1 described above for FIG. 2 in accordance with various kinds of programs stored in the ROM 418 in advance by reading out and developing the programs on the RAM 417.

In addition, the control section 415 records a key used for the entire system (a delivery key K_(d) and an individual key K_(i), etc.), and various kinds of information such as charge information, price information, a handling policy, and a user registration database in a hard disk of the hard disk drive 421, thereby holding and managing these various kinds of information.

Moreover, the control section 415 can communicate with the content provider 404, the service provider 407, the user home network 408, JASRAC and the like via the network interface 422, and thus can give and receive various kinds of information such as a delivery key K_(d), an individual key K_(i) encrypted by the delivery key K_(d), charge information, price information, a handling policy, registration information utilization results of contents with the content provider 404, the service provider 407, the user home network 408, JASRAC and the like.

In this way, the electronic distribution service center 401 of a personal computer configuration can realize a function similar to that of the electronic distribution service center 1 described above for FIG. 2 in accordance with various kinds of programs.

Incidentally, in the electronic distribution service center 410, although the input section 420 and the display 419 may not be provided because these are not specifically used, the input section 420 and the display section 419 may be used for confirming various kinds of information recorded in the hard disk drive 421.

In addition, in the electronic distribution service center 401, various kinds of programs may be recorded in a hard disk of the hard disk drive 421 instead of the ROM 418.

FIG. 113 is a block diagram showing a configuration of the content provider 404 in which the personal computer for a content server (hereinafter referred to as a personal computer for a server) 402 is configured with a RAM 427, a ROM 428, a display 429, an input section 430, a hard disk drive 431 storing contents to be supplied to a user in a hard disk, and an IEEE (Institute of Electrical and Electronics Engineers) 1394 interface 432 connected to a control section 430 such as a CPU via a bus 426.

In addition, in the content provider 404, the personal computer for signal processing 403 is configured with a RAM 437, a ROM 438, a display 439, an input section 440, a hard disk drive 441, a network interface 442 for connection with the electronic distribution service center 401 and the service provider 407, an IEEE1394 interface 432 of the personal computer for a server 402 and an IEEE1394 interface 444 connected via an IEEE1394 cable 443 connected to a control section 435 such as a CPU via a bus 436.

In this case, the control section 425 of the personal computer 402 reads out a predetermined program stored in the ROM 428 in advance and develops it on the RAM 427, thereby operating in accordance with the program, and when a read-out instruction of contents is transmitted from the control section 435 of the personal computer 403 for signal processing via the IEEE1394 cable 443, takes in the read-out instruction via the IEEE 1394 interface 432, reads out the contents from a hard disk of the hard disk drive 431 based on the taken in read-out instruction of the contents, and at the same time, transmits the read out contents to the personal computer for signal processing 403 from the IEEE1394 interface 432 via the IEEE1394 cable 443.

Incidentally, in the personal computer 402 for a server, although the input section 430 and the display 429 may not be provided by not specifically using the input section 430 and the display 429, the input section 430 and the display 429 may be used for confirming contents recorded in the hard disk drive 431, storing new contents in the hard disk drive 431 and deleting contents.

In addition, in the personal computer 402 for a server, a program may be recorded in the hard disk of the hard disk drive 431 in advance instead of the ROM 428.

On the other hand, in the content provider 404, the control section 435 of the personal computer 403 for signal processing records an individual key K_(i), an individual key K_(i) encrypted by a delivery key K_(d) and a public key certificate of the content provider 404 in the hard disk of the hard disk drive 439, thereby maintaining and managing the individual key K_(i), the individual key K_(i) encrypted by a delivery key K_(d) and the public key certificate of the content provider 404.

And, the control section 435 can execute processing similar to that of the electronic watermark addition section 32, the compression section 33, the content encryption section 34, the content key generation section 35, the content key encryption section 36, the handling policy generation section 37, the signature generation section 38 and the mutual authentication section 39 of the contents provider 2 described above with reference to FIG. 9 in accordance with predetermined various kinds of programs by reading out the predetermined various kinds of programs, which are stored in the ROM 438 in advance, and developing them on the RAM 437.

Thus, the personal computer for signal processing 403 can give and receive a delivery key K_(d), an individual key K_(i) encrypted by the delivery key K_(d), a handling policy, and a content provider secure container with the electronic distribution service center 401 and the service provider 407 via the network interface 442.

In this way, the content provider 404 of a personal computer configuration can realize a function similar to that of the content provider 2 described above for FIG. 9 in accordance with various kinds of programs.

Incidentally, in the personal computer 403 for signal processing, although the input section 440 and the display 439 may not be provided by not specifically using the input section 400 and the display 439, the input section 440 and the display 439 may be used for confirming an individual key K_(i), an individual key K_(i) encrypted by the delivery key K_(d), a public key certificate of the content provider 404, or the like recorded in the hard disk drive 441.

In addition, in the personal computer 403 for signal processing, various kinds of programs may be recorded in the hard disk of the hard disk drive 441 instead of the ROM 438. Further, in the personal computer for signal processing 403, an individual key K_(i) may be held by giving a tamper-resistant feature to the RAM 437.

Further, in the content provider 404, although the personal computer for signal processing 403 and the personal computer for a server 402 are connected via the IEEE1394 cable 443, the personal computer for signal processing 403 and the personal computer for a server 402 may be line connected via a predetermined signal cable such as a USB (Universal Serial Bus) cable, an RS-232C cable, or the like, or wirelessly connected via predetermined wireless communicating means.

FIG. 114 is a block diagram showing a configuration of the service provider 407, and the personal computer 405 for a server is configured with a RAM 447, a ROM 448, a display 449, an input section 450, a hard disk drive 451 storing a content provider secure container and a public key certificate of the content provider 404 in a hard disk, and an IEEE1394 interface 452 connected to a control section 445 such as a CPU via a bus 446.

In addition, in the service provider 407, the personal computer for signal processing 406 is configured with a RAM 456, a ROM 457, a display 458, an input section 449, a hard disk drive 460, a network interface 461 for connection with the electronic distribution service center 401 and the content provider 404, an IEEE1394 interface 463 connected with an IEEE1394 interface 452 of the personal computer for a server 405 via an IEEE1394 cable 462, and a modem 46 for connecting with the user home network 408 via the network 4 connected to a control section 454 such as a CPU via a bus 455.

In this case, the control section 445 of the personal computer for a server 405 reads out a predetermined program stored in the ROM 448 in advance and develops it on the RAM 447, thereby operating in accordance with the program, and when a content provider secure container and a public key certificate of the content provider 404 are given together with a writing instruction for these from the control section 454 of the personal computer for signal processing 406 via the IEEE1394 cable 462, takes in the writing instruction via the IEEE1394 interface 452, writes the content provider secure container and the public key certificate of the content provider 404 in the hard disk of the hard disk drive 451 based on the taken in writing instruction, and at the same time, when a read-out instruction of a content provider secure container and a public key certificate of the content provider 404 is given from the control section 454 of the personal computer 406 for signal processing via the IEEE1394 cable 462, takes in the read-out instruction via the IEEE1394 interface 452, reads out the content provider secure container and the public key certificate of the content provider 404 from the hard disk of the hard disk drive 451 based on the taken in read-out instruction, and at the same time, transmits the read out content provider secure container and public key certificate of the content provider 404 to the personal computer for signal processing 406 from the IEEE1394 interface 452 via the IEEE1394 cable 462.

Incidentally, in the personal computer for a server 405, although the input section 450 and the display 449 may not be provided by not specifically using the input section 450 and the display 449, the input section 450 and the display 449 may be used for confirming a content provider secure container and a public key certificate of the content provider 404 recorded in the hard disk drive 451.

In addition, in the personal computer for a server 405, a program may be recorded in the hard disk of the hard disk drive 451 in advance instead of the ROM 448.

On the other hand, in the service provider 407, the control section 454 of the personal computer for signal processing 406 records a public key certificate of the service provider 407 in the hard disk of the hard disk drive 460, and maintains and manages a secret key of the service provider 407 by giving a tamper-resistant feature to the RAM 456.

The control section 454 reads out predetermined various kinds of programs stored in the ROM 457 and develops them on the RAM 456, thereby being capable of executing processing similar to that of the certificate verification section 42, the signature verification section 43, the pricing section 44, the signature generation section 45 and the mutual authentication section 46 of the service provider 3 described above for FIG. 14 in accordance with the various kinds of programs.

Thus, the personal computer for signal processing 406 can give and receive price information, a content provider secure container, or the like with the electronic distribution service center 401 and the content provider 407 via the network interface 442, and at the same time, transmit a service provider secure container to the user home network 408 via the modem 464.

In this way, the service provider 407 of a personal computer configuration can realize a function similar to that of the service provider 3 described above for FIG. 14 in accordance with various kinds of programs.

Incidentally, in the personal computer 406 for signal processing, although the input section 459 and the display 458 may not be provided by not specifically using the input section 459 and the display 458, the input section 459 and the display 458 may be used for confirming a public key certificate of the service provider 407 or the like recorded in the hard disk drive 460.

In addition, in the personal computer for signal processing 406, various kinds of programs may be recorded in the hard disk of the hard disk drive 460 in advance instead of the ROM 457.

Moreover, in the service provider 407, although the personal computer for signal processing 406 and the personal computer for a server 405 are connected via the IEEE1394 cable 462, the personal computer for signal processing 406 and the personal computer for a server 405 may be line connected via a predetermined signal cable such as a USB cable, an RS-232C cable or the like, or may be wirelessly connected via predetermined wireless communicating means.

FIG. 115 is a block diagram showing a configuration of the user home network 408, and the home server 409 of a personal computer configuration is configured with a RAM 467, a ROM 468, a display 469, an input section 470, a hard disk drive 471, an IEEE1394 interface 472, a modem 473 for connecting with the service provider 407 via the network 4, and a network interface 474 for connection with the electronic distribution service center 401 connected to a control section 465 such as a CPU via a bus 466.

In addition, in the user home network 408, the fixed apparatus 410 is configured with a RAM 77, a ROM 478, a display 479, an input section 480, a record reproduction section 481, a media interface 483 for a recording medium 482, and an IEEE1394 interface 495 connected with the IEEE1394 interface 472 of the home server via an IEEE1394 cable 484 connected to a control section 475 such as a CPU via a bus 476.

Moreover, in the user home network 408, the portable apparatus 411 is configured with a RAM 492, a ROM 493, a display 494, an input section 495, and an IEEE1394 interface 497 connected with the IEEE1394 interface 472 of the home server via an IEEE1394 cable 496 connected to a control section 490 such as a CPU via a bus 491.

In this case, the control section 465 of the home server 409 reads out various kinds of programs stored in the ROM 468 in advance and develops them on the RAM 467, thereby being capable of executing processing similar to that of the upper controller 62, the encryption processing section 65 and the extension section 66 of the home server 51 described above for FIG. 15 in accordance with the various kinds of programs.

In addition, the display 469 of the home server 409 has a function similar to that of the displaying means 64 of the home server 51 described above for FIG. 15, and the input section 470 of the home server 409 has a function similar to that of the inputting means 63 of the home server 51 described above for FIG. 15. Moreover, the hard disk drive 471 of the home server 409 has a function similar to that of the mass storage section 68 of the home server 51 described above for FIG. 15, and at the same time, the modem 473 and the network interface 474 as well as the IEEE1394 interface 472 have a function similar to that of the communication section 61 of the home server 51 described above for FIG. 15, and the RAM 467 of the home server 409 has a function similar to that of the external memory 67 of the home server 51 described above for FIG. 15.

Therefore, the home server 409 of a personal computer configuration can realize a function similar to that of the home server 51 described above for FIG. 15 in accordance with the various kinds of programs.

Incidentally, in the home server 409, various kinds of programs may be recorded in the hard disk of the hard disk drive 471 in advance instead of the ROM 468, or the hard disk drive 471 may be caused to function in a similar manner to the external memory 67 described above for FIG. 15. In addition, in the home server 409, the modem 473 and the network interface 474 may be a single interface such as a modem depending on a communication form with the service provider 407 and the electronic distribution service center 401. Moreover, in the home server 409, the fixed apparatus 410 and the portable apparatus 411 may be line connected via a predetermined signal cable such as a USB cable or an RS-232C cable, or may be wirelessly connected via predetermined wireless communicating means.

On the other hand, in the user home network 408, the control section 475 of the fixed apparatus 410 reads out various kinds of programs stored in the ROM 478 in advance and develops them on the RAM 477, thereby being capable of executing processing similar to that of the upper controller 72, the encryption processing section 73 and the extension section 74 of the fixed apparatus 52 described above for FIG. 15 in accordance with the various kinds of programs.

In addition, the display 479 of the fixed apparatus 410 has a function similar to the displaying means 78 of the fixed apparatus 52 described above for FIG. 15, and at the same time, the input section 480 has a function similar to that of the inputting means 77 of the fixed apparatus 52 described above for FIG. 15, and the IEEE1394 interface 485 has a function similar to that of the communication section 71 of the fixed apparatus 52 described above for FIG. 15. Moreover, the record reproduction section 481 of the fixed apparatus 410 has a function similar to that of the record reproduction section 76 of the fixed apparatus 52 described above for FIG. 15, and at the same time, the recording medium 482 has a function similar to the recording medium 80 of the fixed apparatus 52 described above for FIG. 15, and the RAM 477 of the fixed apparatus 410 has a function similar to that of the external memory 79 and the small storage section 75 of the fixed apparatus 52 described above for FIG. 15.

Therefore, the fixed apparatus 410 of the user home network 408 can realize a function similar to that of the fixed apparatus 52 of the user home network 5 described above for FIG. 15 in accordance with various kinds of programs.

Incidentally, in the fixed apparatus 410, by providing a hard disk drive anew, various kinds of programs may be recorded in a hard disk of the hard disk drive in advance instead of the ROM 478, or the hard disk drive may be caused to function in a similar manner to the external memory 79 and the small storage section 75 of the fixed apparatus 52 described above for FIG. 15. In addition, in the fixed apparatus 410, if the recording medium 482 is of a semiconductor memory configuration, the control section 475 may be caused to realize a function of the record reproduction section 481 in accordance with a predetermined program.

In the user home network 408, the control section 490 of the portable apparatus 411 reads out various kinds of programs stored in the ROM 493 in advance and develops them on the RAM 492, thereby being capable of executing processing similar to that of the upper controller 82, the encryption processing section 83 and the extension section 84 of the portable apparatus 53 described above for FIG. 15 in accordance with the various kinds of programs.

In addition, the RAM 492 of the portable apparatus 411 has a function similar to that of the external memory 85 of the portable apparatus 53 described above for FIG. 15, and the IEEE1394 interface 497 has a function similar to that of the communication section 81 of the portable apparatus 53 described above for FIG. 15. Moreover, in the portable apparatus 411, the display 494 and the input section 495 can be utilized at the time of reproducing contents.

Therefore, the portable apparatus 411 of the user home network 408 can realize a function similar to that of the portable apparatus 53 of the user home network 5 described above for FIG. 15 in accordance with various kinds of programs.

Incidentally, in the portable apparatus 411, a detachable recording medium may be provided for recording and reproducing contents.

In the above-mentioned configuration, in such an electronic music distribution system 400, the electronic distribution service center 401, the content provider 404, the service provider 407 and the home server 409 of the user home network 408 are respectively configured as a personal computer configuration.

Therefore, in the electronic music distribution system 400, the electronic distribution service center 401, the content provider 404, the service provider 407 and the home server 409 do not need to be produced in a hardware configuration anew, and the system can be easily constructed using these personal computers simply by installing various kinds of programs in an existing personal computer.

According to the above-mentioned configuration, by constructing the electronic music distribution system 400 using the electronic distribution service center 401, the content provider 404, the service provider 407 and the home server 409 of a personal computer configuration, an existing personal computer can be easily used as the electronic distribution service center 401, the content provider 404, the service provider 407 and the home server 409, thus the system can be easily and simply constructed.

Further, in such an electronic music distribution system 400, although the case in which the electronic distribution service center 401, the content provider 404, the service provider 407, the home server 409, the fixed apparatus 410 and the portable apparatus 411 are operated in accordance with various kinds of programs stored in the ROMs 418, 428, 438, 448, 457, 468, 478 and 493 in advance has been described, by installing a program storing medium recording various kinds of programs in the electronic distribution service center 401, the content provider 404, the service provider 407, the home server 409, the fixed apparatus 410 and the portable apparatus 411, the distribution service center 401, the content provider 404, the service provider 407, the home server 409, the fixed apparatus 410 and the portable apparatus 411 may be operated respectively in accordance with the various kinds of programs stored in the program storing medium and various kinds of programs transferred to a hard disk or the like from the program storing medium.

Incidentally, a program storing medium used for operating the distribution service center 401, the content provider 404, the service provider 407, the home server 409, the fixed apparatus 410 and the portable apparatus 411 may be realized not only by a package medium such as a CD-ROM (Compact Disk-Read Only Memory) but also by a semiconductor memory and a magnetic disk in which a program is temporarily or permanently stored. In addition, as means for storing a program in these program storing media, a line or wireless communication medium such as a local area network, the Internet, the digital satellite broadcast, or the like may be utilized, or a program may be stored with interposition of various kinds of communication interfaces such as a router or a modem.

INDUSTRIAL APPLICABILITY

The present invention can be utilized for an information transmission apparatus such as a provider for providing contents such as music, video, a game program or the like, an information receipt apparatus such as a personal computer or a cellular phone for receiving the provided contents, and a network system that is constructed from these information transmission apparatus and information receipt apparatus.

1-104. (canceled)
105. An information sending system for sending predetermined contents data from an information sending apparatus to an information receiving apparatus, wherein: said information sending apparatus comprises means for sending, together with said contents data, data of the maximum number of times of possible resending predefined to the contents data; and said information receiving apparatus comprises: means for receiving, together with said contents data, data of maximum number of times; means for generating data of the remaining number of times of possible resending of said contents data based on said data of maximum number of times; and means for resending, that is, sending data of the remaining number of times together with said contents data.

106. The information sending system according to claim 105, wherein: said means for generating data of the number of times of said information receiving apparatus generates, based on a source of said contents data, a via-apparatus data showing an apparatus by way of which the contents data is sent; and said means for resending sends said via-apparatus data together with said contents data and said data of the remaining number of times.

107. An information sending apparatus for sending predetermined contents data to an information receiving apparatus, comprising means for sending to said information receiving apparatus, together with said contents data, data of the maximum number of times of possible resending predefined to the contents data.

108. An information receiving apparatus for receiving predetermined contents data sent from an information sending apparatus, comprising: means for receiving said contents data and data of the maximum number of times of possible resending predefined to the contents data, sent from said information sending apparatus; and means for generating data of the remaining number of times of possible resending of said contents data based on said data of maximum number of times; and means for resending, that is, sending data of the remaining number of times together with said contents data.

109. The information receiving apparatus according to claim 108, wherein: said means for generating data of the number of times generates, based on a source of said contents data, a via-apparatus data showing an apparatus by way of which the contents data is sent; and said means for resending sends said via-apparatus data together with said contents data and said data of the remaining number of times.

110. An information sending method for sending predetermined contents data from an information sending apparatus to an information receiving apparatus, comprising: a sending step of sending by said information sending apparatus, together with said contents data, data of the maximum number of times of possible resending predefined to the contents data; a receiving step of, by said information receiving apparatus, said data of maximum number of times together with said contents data; a number of times data generating step of, by said information receiving apparatus, generating data of the remaining number of times of possible resending of said contents data based on said data of maximum number of times; and a resending step of, by said information receiving apparatus, sending data of the remaining number of times together with said contents data.

111. The information sending method according to claim 110, wherein: said number of times data generating step generates, based on a source of said contents data, a via-apparatus data showing an apparatus by way of which the contents data is sent; and said resending step sends said via-apparatus data together with said contents data and said data of the remaining number of times.

112. An information sending method for sending predetermined contents data to an information receiving apparatus, comprising a sending step of sending to said information receiving apparatus, together with said contents data, data of the maximum number of times of possible resending predefined to the contents data.

113. An information receiving method for receiving predetermined contents data sent from an information sending apparatus, comprising: a receiving step of receiving said contents data and data of the maximum number of times of possible resending predefined to the contents data sent from an information sending apparatus; a number of times data generating step of generating data of the remaining number of times of possible resending of said contents data based on said data of maximum number of times; and a resending step of sending data of said remaining number of times together with said contents data.

114. The information receiving method according to claim 113, wherein: said means for generating data of the number of times generates, based on a source of said contents data, a via-apparatus data showing an apparatus by way of which the contents data is sent; and said means for resending sends said via-apparatus data together with said contents data and said data of the remaining number of times.

115. A program storage medium storing a predetermined program and supplying the program to an information sending apparatus, characterized in that said program comprises: a sending step of sending to the information receiving apparatus, together with predetermined contents data, data of the maximum number of times of possible resending predefined to the contents data.

116. A program storage medium storing a predetermined program and supplying the program to an information receiving apparatus, characterized in that said program comprises: a receiving step of receiving predetermined contents data and data of the maximum number of times of possible resending predefined to the contents data sent from an information sending apparatus; and a number of times data generating step of generating data of the remaining number of times of possible resending of said contents data based on said data of maximum number of times; and a resending step of sending data of the remaining number of times together with said contents data.

117. The program storage medium according to claim 116, wherein: said means for generating data of the number of times of said program generates, based on a source of said contents data, a via-apparatus data showing an apparatus by way of which the contents data is sent; and said means for resending sends said via-apparatus data together with said contents data and said data of the remaining number of times.

118-395. (canceled)
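
The resend bookkeeping recited in claims 105 and 106, as an added Python example that is not code from the patent. The class and field names are hypothetical, and two points are assumptions the claims leave open: the count is treated as a per-hop budget decremented on each resend, and the receiver rejects a package whose via-apparatus data does not match the number of resends already used.

```python
from dataclasses import dataclass, replace
from typing import Optional, Tuple


class ResendError(Exception):
    """The package is inconsistent or its resend budget is exhausted."""


@dataclass(frozen=True)
class Package:
    contents: bytes
    max_resends: int                 # "data of the maximum number of times"
    remaining: Optional[int] = None  # "data of the remaining number of times"; None on the original send
    via: Tuple[str, ...] = ()        # "via-apparatus data"; empty on the original send


class Receiver:
    """Hypothetical information receiving apparatus."""

    def __init__(self, apparatus_id: str):
        self.apparatus_id = apparatus_id
        self.held: Optional[Package] = None

    def receive(self, pkg: Package, source_id: str) -> Package:
        if pkg.max_resends < 0:
            raise ResendError("negative maximum")
        if pkg.remaining is None:
            # Original send: generate the remaining count from the maximum.
            if pkg.via:
                raise ResendError("original send must not carry via-apparatus data")
            remaining = pkg.max_resends
        else:
            remaining = pkg.remaining
            # Assumed consistency checks: a resent copy has used at least one
            # resend, and one via entry exists per resend used.
            if not 0 <= remaining < pkg.max_resends:
                raise ResendError("remaining count outside 0..max-1")
            if len(pkg.via) != pkg.max_resends - remaining:
                raise ResendError("via-apparatus data does not match resends used")
        # Via-apparatus data is generated from the source of the contents data.
        self.held = Package(pkg.contents, pkg.max_resends, remaining,
                            pkg.via + (source_id,))
        return self.held

    def resend(self) -> Package:
        if self.held is None:
            raise ResendError("nothing received yet")
        if self.held.remaining <= 0:
            raise ResendError("no resends remaining")
        # Send the contents with the decremented count and the via data.
        return replace(self.held, remaining=self.held.remaining - 1)


def demo_chain(max_resends: int = 2):
    """Constructed run: provider -> A -> B -> C, then C tries to resend."""
    a, b, c = Receiver("A"), Receiver("B"), Receiver("C")
    a.receive(Package(b"constructed sample track", max_resends), "provider")
    b.receive(a.resend(), "A")
    held_c = c.receive(b.resend(), "B")
    try:
        c.resend()
        refused = False
    except ResendError:
        refused = True
    return held_c.remaining, held_c.via, refused


if __name__ == "__main__":
    print(demo_chain())
```

The count and via fields here are plain data that any holder could rewrite, so the checks only catch inconsistent values; they do not authenticate them.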